Bug 240879 - aisexec not allowed to write in /tmp
Summary: aisexec not allowed to write in /tmp
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-05-22 15:59 UTC by David Juran
Modified: 2007-11-30 22:12 UTC (History)
1 user (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-22 14:12:23 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description David Juran 2007-05-22 15:59:12 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070312 Red Hat/1.5.0.10-2.el5 Firefox/1.5.0.10

Description of problem:
When starting the cluster (service cman start) the following line appears in the syslog:


May 22 17:28:37 red kernel: audit(1179844117.397:7): avc:  denied  { write } for  pid=19369 comm="aisexec" name="tmp" dev=dm-6 ino=5532385 scontext=root:sys
tem_r:ccs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

Something similar has already been reported for RHEL5, see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231496#c3

aisexec comes from openais-0.80.1-3


Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-62.fc6

How reproducible:
Always


Steps to Reproduce:
1. service cman start


Actual Results:


Expected Results:


Additional info:
Comment 1 Daniel Walsh 2007-05-23 16:57:31 UTC 
Fixed in selinux-policy-2.4.6-73
Comment 2 David Juran 2007-05-24 08:06:19 UTC 
Indeed works fine with selinux-policy-targeted-2.4.6-73.fc6 (-:
Comment 3 Daniel Walsh 2007-08-22 14:12:23 UTC 
Fixed in current release
Note You need to log in before you can comment on or make changes to this bug.