Description of problem:
memcached-selinux can't be used (memcached works when only the memcached package is installed as then there's no policy in use for memcached) because it causes three audit denies.

Version-Release number of selected component (if applicable):
memcached-selinux-1.2.5-2.el5

Actual results:
"service memcached start" says OK, but actually fails as "service memcached status" reports "memcached dead but subsys locked".

Expected results:
memcached starting and working with the selinux policy package (memcached-selinux).

Additional info
---------------
Here are the denies:

Dec 23 10:47:47 web kernel: audit(1230022067.059:11): avc: denied { create } for pid=9882 comm="memcached" scontext=root:system_r:memcached_t:s0 tcontext=root:system_r:memcached_t:s0 tclass=netlink_route_socket
Dec 23 10:47:47 web kernel: audit(1230022067.063:12): avc: denied { create } for pid=9882 comm="memcached" scontext=root:system_r:memcached_t:s0 tcontext=root:system_r:memcached_t:s0 tclass=netlink_route_socket
Dec 23 10:47:47 web kernel: audit(1230022067.063:13): avc: denied { name_bind } for pid=9882 comm="memcached" src=11211 scontext=root:system_r:memcached_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket

And here's what audit2allow says about them:

#============= memcached_t ==============
allow memcached_t port_t:udp_socket name_bind;
allow memcached_t self:netlink_route_socket create;
I'm not an selinux expert here, and the patch for that was contributed. Can anyone help out?
memcached-1.4.5-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/memcached-1.4.5-1.el5
# yum localupdate memcached-1.4.5-1.el5.i386.rpm
Setting up Local Package Process
Examining memcached-1.4.5-1.el5.i386.rpm: memcached-1.4.5-1.el5.i386
Marking memcached-1.4.5-1.el5.i386.rpm as an update to memcached-1.2.8-1.el5.i386
Resolving Dependencies
--> Running transaction check
--> Processing Dependency: memcached = 1.2.8-1.el5 for package: memcached-selinux
---> Package memcached.i386 0:1.4.5-1.el5 set to be updated
--> Processing Dependency: libevent-1.4.so.2 for package: memcached
--> Finished Dependency Resolution
memcached-selinux-1.2.8-1.el5.i386 from installed has depsolving problems
--> Missing Dependency: memcached = 1.2.8-1.el5 is needed by package memcached-selinux-1.2.8-1.el5.i386 (installed)
memcached-1.4.5-1.el5.i386 from /memcached-1.4.5-1.el5.i386 has depsolving problems
--> Missing Dependency: libevent-1.4.so.2 is needed by package memcached-1.4.5-1.el5.i386 (/memcached-1.4.5-1.el5.i386)
Packages skipped because of dependency problems:
memcached-1.4.5-1.el5.i386 from /memcached-1.4.5-1.el5.i386

# yum remove memcached-selinux
...
Removed:
memcached-selinux.i386 0:1.2.8-1.el5

# yum localupdate memcached-1.4.5-1.el5.i386.rpm
Setting up Local Package Process
Examining memcached-1.4.5-1.el5.i386.rpm: memcached-1.4.5-1.el5.i386
Marking memcached-1.4.5-1.el5.i386.rpm as an update to memcached-1.2.8-1.el5.i386
Resolving Dependencies
--> Running transaction check
---> Package memcached.i386 0:1.4.5-1.el5 set to be updated
--> Processing Dependency: libevent-1.4.so.2 for package: memcached
--> Finished Dependency Resolution
memcached-1.4.5-1.el5.i386 from /memcached-1.4.5-1.el5.i386 has depsolving problems
--> Missing Dependency: libevent-1.4.so.2 is needed by package memcached-1.4.5-1.el5.i386 (/memcached-1.4.5-1.el5.i386)
Packages skipped because of dependency problems:
memcached-1.4.5-1.el5.i386 from /memcached-1.4.5-1.el5.i386

EL5 has libevent-1.1a.so.1 but the package has been built against libevent-1.4.so.2 it seems...
We're rebuilding for EL-5.5, which has libevent 1.4. Sadly, there's no way to generate an RPM for EL-5.4 now... See the big long thread over at https://bugzilla.redhat.com/show_bug.cgi?id=563985
memcached-1.4.5-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update memcached'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/memcached-1.4.5-1.el5
memcached-1.4.5-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.