Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 691654 - qpidd broker triggers SELinux AVCs avc: denied { search } for pid=27642 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
qpidd broker triggers SELinux AVCs avc: denied { search } for pid=27642 co...
Status: CLOSED DUPLICATE of bug 769352
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
Development
Unspecified Unspecified
high Severity high
: 2.1.2
: ---
Assigned To: Miroslav Grepl
Frantisek Reznicek
:
Depends On:
Blocks: 769352 783492 784337
  Show dependency treegraph
 
Reported: 2011-03-29 03:29 EDT by Frantisek Reznicek
Modified: 2015-11-15 20:13 EST (History)
7 users (show)

See Also:
Fixed In Version: selinux-policy-3.10.0-58.fc16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 769352 (view as bug list)
Environment:
Last Closed: 2012-01-23 15:33:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0529 normal SHIPPED_LIVE Moderate: Red Hat Enterprise MRG Messaging 2.1 security and enhancement update 2012-04-30 17:48:25 EDT

  None (edit)
Description Frantisek Reznicek 2011-03-29 03:29:01 EDT 
Description of problem:

qpidd service started the recommended way (service qpidd <action>) triggers reliably following RHEL 6.1 SELinux AVC:
type=AVC msg=audit(1301383207.124:38396): avc:  denied  { search } for  pid=27642 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir

This case is observed on RHEL 6.1 beta i386 / x86_64 only.


Version-Release number of selected component (if applicable):
[root@mrg-qe-10 ~]# rpm -qa | grep -E '(qpid|qmf|sesame)'
ruby-qpid-0.7.946106-2.el6.x86_64
qpid-tests-0.10-1.el6.noarch
ruby-qpid-qmf-0.10-4.el6.x86_64
qpid-cpp-server-ssl-0.10-1.el6.x86_64
rh-qpid-cpp-tests-0.10-1.el6.x86_64
qpid-cpp-client-0.10-1.el6.x86_64
python-qpid-qmf-0.10-4.el6.x86_64
qpid-cpp-client-rdma-0.10-1.el6.x86_64
qpid-java-common-0.10-1.el6.noarch
qpid-qmf-devel-0.10-4.el6.x86_64
qpid-cpp-server-xml-0.10-1.el6.x86_64
qpid-cpp-server-store-0.10-1.el6.x86_64
qpid-qmf-0.10-4.el6.x86_64
qpid-java-client-0.10-1.el6.noarch
qpid-cpp-server-devel-0.10-1.el6.x86_64
qpid-cpp-server-cluster-0.10-1.el6.x86_64
qpid-cpp-client-devel-docs-0.10-1.el6.noarch
qpid-cpp-server-0.10-1.el6.x86_64
python-qpid-0.10-1.el6.noarch
qpid-cpp-server-rdma-0.10-1.el6.x86_64
qpid-cpp-client-ssl-0.10-1.el6.x86_64
qpid-cpp-client-devel-0.10-1.el6.x86_64
qpid-java-example-0.10-1.el6.noarch
qpid-tools-0.10-1.el6.noarch
sesame-0.10-1.el6.x86_64


How reproducible:
100%

Steps to Reproduce:
see bottom section for steps
  
Actual results:
qpidd broker daemon triggers SELinux AVCs.

Expected results:
qpidd broker daemon should not trigger SELinux AVCs.

Additional info (steps):
[root@mrg-qe-10 ~]# rm -f /var/log/audit/audit.log
[root@mrg-qe-10 ~]# service auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]
[root@mrg-qe-10 ~]# grep AVC /var/log/audit/audit.log
[root@mrg-qe-10 ~]# service qpidd restart
Stopping Qpid AMQP daemon:                                 [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
[root@mrg-qe-10 ~]# grep AVC /var/log/audit/audit.log
type=AVC msg=audit(1301383207.124:38396): avc:  denied  { search } for  pid=27642 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
[root@mrg-qe-10 ~]# getenforce
Enforcing
[root@mrg-qe-10 ~]# rpm -qa | grep -E '(qpid|qmf|sesame)'
ruby-qpid-0.7.946106-2.el6.x86_64
qpid-tests-0.10-1.el6.noarch
ruby-qpid-qmf-0.10-4.el6.x86_64
qpid-cpp-server-ssl-0.10-1.el6.x86_64
rh-qpid-cpp-tests-0.10-1.el6.x86_64
qpid-cpp-client-0.10-1.el6.x86_64
python-qpid-qmf-0.10-4.el6.x86_64
qpid-cpp-client-rdma-0.10-1.el6.x86_64
qpid-java-common-0.10-1.el6.noarch
qpid-qmf-devel-0.10-4.el6.x86_64
qpid-cpp-server-xml-0.10-1.el6.x86_64
qpid-cpp-server-store-0.10-1.el6.x86_64
qpid-qmf-0.10-4.el6.x86_64
qpid-java-client-0.10-1.el6.noarch
qpid-cpp-server-devel-0.10-1.el6.x86_64
qpid-cpp-server-cluster-0.10-1.el6.x86_64
qpid-cpp-client-devel-docs-0.10-1.el6.noarch
qpid-cpp-server-0.10-1.el6.x86_64
python-qpid-0.10-1.el6.noarch
qpid-cpp-server-rdma-0.10-1.el6.x86_64
qpid-cpp-client-ssl-0.10-1.el6.x86_64
qpid-cpp-client-devel-0.10-1.el6.x86_64
qpid-java-example-0.10-1.el6.noarch
qpid-tools-0.10-1.el6.noarch
sesame-0.10-1.el6.x86_64
[root@mrg-qe-10 ~]# uname -a
Linux mrg-qe-10.lab.eng.brq.redhat.com 2.6.32-125.el6.x86_64 #1 SMP Mon Mar 21 10:06:08 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@mrg-qe-10 ~]# head -1 /etc/issue
Red Hat Enterprise Linux Server release 6.1 Beta (Santiago)
Comment 1 Frantisek Reznicek 2011-06-10 09:09:00 EDT 
an update, issue pending on packages:
[root@dhcp-26-228 examples]# rpm -qa | grep -E '(qpid|qmf|sesame)' | sort
libvirt-qpid-0.2.22-6.el6.i686
python-qpid-0.10-1.el6.noarch
python-qpid-qmf-0.10-10.el6.i686
qpid-cpp-client-0.10-6.el6.i686
qpid-cpp-client-devel-0.10-6.el6.i686
qpid-cpp-client-devel-docs-0.10-6.el6.noarch
qpid-cpp-client-rdma-0.10-6.el6.i686
qpid-cpp-client-ssl-0.10-6.el6.i686
qpid-cpp-debuginfo-0.10-6.el6.i686
qpid-cpp-server-0.10-6.el6.i686
qpid-cpp-server-cluster-0.10-6.el6.i686
qpid-cpp-server-devel-0.10-6.el6.i686
qpid-cpp-server-rdma-0.10-6.el6.i686
qpid-cpp-server-ssl-0.10-6.el6.i686
qpid-cpp-server-store-0.10-6.el6.i686
qpid-cpp-server-xml-0.10-6.el6.i686
qpid-java-client-0.10-6.el6.noarch
qpid-java-common-0.10-6.el6.noarch
qpid-java-example-0.10-6.el6.noarch
qpid-java-jca-0.10-6.el6.noarch
qpid-qmf-0.10-10.el6.i686
qpid-qmf-debuginfo-0.10-10.el6.i686
qpid-qmf-devel-0.10-10.el6.i686
qpid-tests-0.10-1.el6.noarch
qpid-tools-0.10-5.el6.noarch
rh-qpid-cpp-tests-0.10-6.el6.i686
ruby-qpid-0.7.946106-2.el6.i686
ruby-qpid-qmf-0.10-10.el6.i686
sesame-0.10-1.el6.i686
sesame-debuginfo-0.10-1.el6.i686


The AVC is detected after 'service qpidd start' as shows below transcript:
  [root@dhcp-26-228 examples]# grep -i AVC /var/log/audit/audit.log
  type=AVC msg=audit(1307710727.291:785): avc:  denied  { search } for  pid=30286 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  [root@dhcp-26-228 examples]# tail -5 /etc/qpidd.conf
  # "qpidd --help" or "man qpidd" for more details.
  cluster-mechanism=ANONYMOUS
  auth=no
  #cluster-name=X
  
  [root@dhcp-26-228 examples]# service qpidd restart
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  [root@dhcp-26-228 examples]# grep -i AVC /var/log/audit/audit.log
  type=AVC msg=audit(1307710727.291:785): avc:  denied  { search } for  pid=30286 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  type=AVC msg=audit(1307710825.207:798): avc:  denied  { search } for  pid=30328 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  
  [root@dhcp-26-228 examples]# service qpidd stop
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  [root@dhcp-26-228 examples]# grep -i AVC /var/log/audit/audit.log
  type=AVC msg=audit(1307710727.291:785): avc:  denied  { search } for  pid=30286 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  type=AVC msg=audit(1307710825.207:798): avc:  denied  { search } for  pid=30328 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  [root@dhcp-26-228 examples]# service qpidd start
  Starting Qpid AMQP daemon:                                 [  OK  ]
  [root@dhcp-26-228 examples]# grep -i AVC /var/log/audit/audit.log
  type=AVC msg=audit(1307710727.291:785): avc:  denied  { search } for  pid=30286 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  type=AVC msg=audit(1307710825.207:798): avc:  denied  { search } for  pid=30328 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  type=AVC msg=audit(1307710861.195:819): avc:  denied  { search } for  pid=30384 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  [root@dhcp-26-228 examples]# ps auxZ | grep qpidd
  unconfined_u:system_r:qpidd_t:s0 qpidd   30384  0.1  1.7  51916  6752 ?        Ssl  15:01   0:00 /usr/sbin/qpidd --data-dir /var/lib/qpidd --daemon
  unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 30419 0.0  0.1 4328 740 pts/2 S+ 15:01   0:00 grep qpidd
  
  [root@dhcp-26-228 examples]# uname -a
  Linux dhcp-26-228... 2.6.32-131.0.15.el6.i686 #1 SMP Tue May 10 15:42:28 EDT 2011 i686 i686 i386 GNU/Linux
  [root@dhcp-26-228 examples]# head -1 /etc/issue
  Red Hat Enterprise Linux Server release 6.1 (Santiago)
Comment 2 Stanislav Graf 2011-10-06 06:08:06 EDT 
The same problem here on both RHEL6 i386/x86_64, all packages updated from RHN to latest version:

# grep AVC /var/log/audit/audit.log
# service qpidd restart
Stopping Qpid AMQP daemon:                                 [FAILED]
Starting Qpid AMQP daemon: Daemon startup failed: Failed to initialize CPG.: library (2)
                                                           [FAILED]
# grep AVC /var/log/audit/audit.log
type=AVC msg=audit(1317898912.634:26262): avc:  denied  { search } for  pid=1886 comm="qpidd" name="/" dev=tmpfs ino=5531 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
# getenforce 
Enforcing

# rpm -qa | grep -E '(qpid|qmf|sesame)' | sort
python-qpid-0.10-1.el6.noarch
python-qpid-qmf-0.10-10.el6.i686
qpid-cpp-client-0.10-6.el6.i686
qpid-cpp-client-devel-0.10-6.el6.i686
qpid-cpp-client-devel-docs-0.10-6.el6.noarch
qpid-cpp-client-rdma-0.10-6.el6.i686
qpid-cpp-client-ssl-0.10-6.el6.i686
qpid-cpp-debuginfo-0.10-6.el6.i686
qpid-cpp-server-0.10-6.el6.i686
qpid-cpp-server-cluster-0.10-6.el6.i686
qpid-cpp-server-devel-0.10-6.el6.i686
qpid-cpp-server-rdma-0.10-6.el6.i686
qpid-cpp-server-ssl-0.10-6.el6.i686
qpid-cpp-server-store-0.10-6.el6.i686
qpid-cpp-server-xml-0.10-6.el6.i686
qpid-java-client-0.10-9.el6.noarch
qpid-java-common-0.10-9.el6.noarch
qpid-java-example-0.10-9.el6.noarch
qpid-qmf-0.10-10.el6.i686
qpid-tools-0.10-5.el6.noarch
rh-qpid-cpp-tests-0.10-6.el6.i686
sesame-0.10-1.el6.i686
Comment 3 Frantisek Reznicek 2011-11-07 08:24:13 EST 
The issue is still pending on
python-qpid-0.12-1.el6.noarch
python-qpid-qmf-0.12-6.el6.i686
qpid-cpp-*0.12-6.el6.i686
qpid-java-*0.10-11.el6.noarch
qpid-qmf-0.12-6.el6.i686
qpid-qmf-debuginfo-0.12-6.el6.i686
qpid-qmf-devel-0.12-6.el6.i686
qpid-tests-0.12-1.el6.noarch
qpid-tools-0.12-2.el6.noarch
rh-qpid-cpp-tests-0.12-6.el6.i686
ruby-qpid-0.7.946106-2.el6.i686
ruby-qpid-qmf-0.12-6.el6.i686
Comment 4 Frantisek Reznicek 2011-11-11 11:03:11 EST 
The issue is visible only if clustering is enabled by cluster-name=<name> as shows following transcript:
  [root@dhcp-lab-231 ~]# setenforce 0
  [root@dhcp-lab-231 ~]# htop
  [root@dhcp-lab-231 ~]# service qpidd restart
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  [root@dhcp-lab-231 ~]# setenforce 1
  [root@dhcp-lab-231 ~]# service qpidd restart
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon: Daemon startup failed: Failed to initialize CPG.: library (2)
                                                            [FAILED]
  [root@dhcp-lab-231 ~]# setenforce 0
  [root@dhcp-lab-231 ~]# service qpidd restart
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  [root@dhcp-lab-231 ~]# service qpidd stop
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  [root@dhcp-lab-231 ~]# vi /etc/qpidd.conf
  [root@dhcp-lab-231 ~]# service qpidd restart
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  [root@dhcp-lab-231 ~]# qpid-stat -b
  Brokers
    broker          cluster       uptime  conn  sess  exch  queue
    ===============================================================
    localhost:5672  <standalone>  10s        1     1     8    12
  [root@dhcp-lab-231 ~]# setenforce 1
  [root@dhcp-lab-231 ~]# service qpidd restart
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  [root@dhcp-lab-231 ~]# getenforce
  Enforcing
  [root@dhcp-lab-231 ~]# qpid-stat -b
  Brokers
    broker          cluster       uptime  conn  sess  exch  queue
    ===============================================================
    localhost:5672  <standalone>  15s        1     1     8    12
  [root@dhcp-lab-231 ~]# getenforce
  Enforcing
  [root@dhcp-lab-231 ~]# service qpidd restart
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
Comment 5 Daniel Walsh 2011-11-18 09:25:42 EST 
This is an SELinux policy issue.

We have

dev_read_sysfs(qpidd_t)

in Fedora policy.  We need to back port qpidd policy from Fedora 16 to RHEL6
Comment 6 Miroslav Grepl 2011-11-21 04:40:26 EST 
Fixed in selinux-policy-3.10.0-58.fc16
Comment 9 Frantisek Reznicek 2011-12-20 05:49:47 EST 
I'm not clear whether the change was applied to selinux-policy-3.7.19-126.el6.noarch.

But as behavior slightly changed it looks it was.

The behavior of qpid 0.14 on RHEL 6.2 is slightly better but still producing AVCs, see detailed list below...

-> ASSIGNED


# Installed packages
  [root@dhcp-27-49 ~]# uname -a
  Linux dhcp-27-49.brq.redhat.com 2.6.32-220.el6.i686 #1 SMP Wed Nov 9 08:02:18 EST 2011 i686 i686 i386 GNU/Linux
  [root@dhcp-27-49 ~]# rpm -q selinux-policy
  selinux-policy-3.7.19-126.el6.noarch
  [root@dhcp-27-49 ~]# rpm -qa | egrep 'qpid|sesame|corosync' | sort
  corosync-1.4.1-4.el6.i686
  corosynclib-1.4.1-4.el6.i686
  corosynclib-devel-1.4.1-4.el6.i686
  python-qpid-0.14-1.el6.noarch
  python-qpid-qmf-0.14-2.el6.i686
  qpid-cpp-client-0.14-1.el6.i686
  qpid-cpp-client-devel-0.14-1.el6.i686
  qpid-cpp-client-rdma-0.14-1.el6.i686
  qpid-cpp-client-ssl-0.14-1.el6.i686
  qpid-cpp-debuginfo-0.14-1.el6.i686
  qpid-cpp-server-0.14-1.el6.i686
  qpid-cpp-server-cluster-0.14-1.el6.i686
  qpid-cpp-server-devel-0.14-1.el6.i686
  qpid-cpp-server-rdma-0.14-1.el6.i686
  qpid-cpp-server-ssl-0.14-1.el6.i686
  qpid-cpp-server-store-0.14-1.el6.i686
  qpid-cpp-server-xml-0.14-1.el6.i686
  qpid-java-client-0.14-1.el6.noarch
  qpid-java-common-0.14-1.el6.noarch
  qpid-java-example-0.14-1.el6.noarch
  qpid-qmf-0.14-2.el6.i686
  qpid-qmf-debuginfo-0.14-2.el6.i686
  qpid-qmf-devel-0.14-2.el6.i686
  qpid-tests-0.14-1.el6.noarch
  qpid-tools-0.14-1.el6.noarch
  rh-qpid-cpp-tests-0.14-1.el6.i686
  ruby-qpid-qmf-0.14-2.el6.i686
  sesame-1.0-2.el6.i686
  sesame-debuginfo-1.0-2.el6.i686


# IPTABLES does not affect tests

  [root@dhcp-27-49 ~]# service iptables status
  iptables: Firewall is not running.


# TEST qpidd without clustering
# Results: AVC detected and dependent on Selinux mode...

  [root@dhcp-27-49 ~]# service qpidd stop
  Stopping Qpid AMQP daemon:                                 [FAILED]
  [root@dhcp-27-49 ~]# function foo () {
  > setenforce $1
  > getenforce
  > rm -f /var/log/audit/audit.log
  > service auditd restart
  > grep AVC /var/log/audit/audit.log
  > service qpidd restart
  > grep AVC /var/log/audit/audit.log
  > pidof qpidd
  > netstat -nlp | grep qpidd
  > }
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]# cat /etc/qpidd.conf
  
  log-enable=info+
  mgmt-pub-interval=5
  log-to-file=/var/lib/qpidd/qpidd.log
  #cluster-name=mycluster
  auth=no
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  2795
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      2795/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      2795/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  2875
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      2875/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      2875/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  2955
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      2955/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      2955/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3035
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3035/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3035/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3115
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3115/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3115/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3195
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3195/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3195/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3275
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3275/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3275/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3355
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3355/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3355/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3435
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3435/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3435/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3515
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3515/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3515/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3595
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3595/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3595/qpidd
  [root@dhcp-27-49 ~]# foo 1
  Enforcing
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  type=AVC msg=audit(1324377039.684:490): avc:  denied  { search } for  pid=3675 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  3675
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3675/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3675/qpidd
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]# foo 1
  Enforcing
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  type=AVC msg=audit(1324377060.632:506): avc:  denied  { search } for  pid=3755 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  3755
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3755/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3755/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  type=AVC msg=audit(1324377064.806:523): avc:  denied  { search } for  pid=3835 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  3835
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3835/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3835/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  3915
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3915/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3915/qpidd
  [root@dhcp-27-49 ~]# foo 1
  Enforcing
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  type=AVC msg=audit(1324377072.234:555): avc:  denied  { search } for  pid=3995 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  3995
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      3995/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      3995/qpidd
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  type=AVC msg=audit(1324377075.718:572): avc:  denied  { search } for  pid=4075 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  4075
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      4075/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      4075/qpidd
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]# foo 0
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Stopping Qpid AMQP daemon:                                 [  OK  ]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  4155
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      4155/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      4155/qpidd
  [root@dhcp-27-49 ~]#


# TEST qpidd with clustering (corosync)
# Results: AVC detected and dependent on Selinux mode...
#          Special set of AVCs detected during first cluster node start
# Note: just one cluster member

  [root@dhcp-27-49 ~]# vi /etc/qpidd.conf
  [root@dhcp-27-49 ~]# cat /etc/qpidd.conf
  
  log-enable=info+
  mgmt-pub-interval=5
  log-to-file=/var/lib/qpidd/qpidd.log
  cluster-name=mycluster
  auth=no
  [root@dhcp-27-49 ~]# rm -rf /var/lib/qpidd/*cluster* /var/lib/qpidd/rhm/ /var/lib/qpidd/.qpidd/ /var/lib/qpidd/lock
  [root@dhcp-27-49 ~]# service qpidd stop
  Stopping Qpid AMQP daemon:                                 [FAILED]
  [root@dhcp-27-49 ~]# function foo () {
  > setenforce $1
  > getenforce
  > rm -f /var/log/audit/audit.log
  > service auditd restart
  > grep AVC /var/log/audit/audit.log
  >
  > if [ -n "$2" ]; then
  >   service corosync restart
  >   grep AVC /var/log/audit/audit.log
  > fi
  >
  > service qpidd restart
  > grep AVC /var/log/audit/audit.log
  > pidof qpidd
  > netstat -nlp | grep qpidd
  > }
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:.                  [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  type=AVC msg=audit(1324377453.392:690): avc:  denied  { search } for  pid=4717 comm="qpidd" name="/" dev=tmpfs ino=5384 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
  type=AVC msg=audit(1324377453.392:690): avc:  denied  { write } for  pid=4717 comm="qpidd" name="/" dev=tmpfs ino=5384 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
  type=AVC msg=audit(1324377453.392:690): avc:  denied  { add_name } for  pid=4717 comm="qpidd" name="control_buffer-ZHFGex" scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
  type=AVC msg=audit(1324377453.392:690): avc:  denied  { create } for  pid=4717 comm="qpidd" name="control_buffer-ZHFGex" scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file
  type=AVC msg=audit(1324377453.392:690): avc:  denied  { read write open } for  pid=4717 comm="qpidd" name="control_buffer-ZHFGex" dev=tmpfs ino=21998 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file
  type=AVC msg=audit(1324377453.405:691): avc:  denied  { search } for  pid=4717 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  4717
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      4717/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      4717/qpidd
  [root@dhcp-27-49 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:.                  [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  4827
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      4827/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      4827/qpidd
  [root@dhcp-27-49 ~]#
  [root@dhcp-27-49 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:.                  [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  4937
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      4937/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      4937/qpidd
  [root@dhcp-27-49 ~]# foo 1 1
  Enforcing
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:.                  [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon: Daemon startup failed: Failed to initialize CPG.: library (2)
  2011-12-20 11:38:07 critical Unexpected error: Daemon startup failed: Failed to initialize CPG.: library (2)
                                                            [FAILED]
  type=AVC msg=audit(1324377487.007:738): avc:  denied  { search } for  pid=5047 comm="qpidd" name="/" dev=tmpfs ino=5384 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
Comment 10 Frantisek Reznicek 2011-12-20 06:00:04 EST 
Similar results are seen on RHEL 6.2 x86_64.

Below data show that selinux policy is not reliably fixed (3rd run)

# Installed packages
  [root@dhcp-27-50 ~]# rpm -q selinux-policy
  selinux-policy-3.7.19-126.el6.noarch
  [root@dhcp-27-50 ~]# rpm -qa | egrep 'qpid|sesame|corosync' | sort
  corosync-1.4.1-4.el6.x86_64
  corosynclib-1.4.1-4.el6.x86_64
  python-qpid-0.14-1.el6.noarch
  python-qpid-qmf-0.14-2.el6.x86_64
  qpid-cpp-client-0.14-1.el6.x86_64
  qpid-cpp-client-devel-0.14-1.el6.x86_64
  qpid-cpp-client-rdma-0.14-1.el6.x86_64
  qpid-cpp-client-ssl-0.14-1.el6.x86_64
  qpid-cpp-debuginfo-0.14-1.el6.x86_64
  qpid-cpp-server-0.14-1.el6.x86_64
  qpid-cpp-server-cluster-0.14-1.el6.x86_64
  qpid-cpp-server-devel-0.14-1.el6.x86_64
  qpid-cpp-server-rdma-0.14-1.el6.x86_64
  qpid-cpp-server-ssl-0.14-1.el6.x86_64
  qpid-cpp-server-store-0.14-1.el6.x86_64
  qpid-cpp-server-xml-0.14-1.el6.x86_64
  qpid-java-client-0.14-1.el6.noarch
  qpid-java-common-0.14-1.el6.noarch
  qpid-java-example-0.14-1.el6.noarch
  qpid-java-jca-0.10-11.el6.noarch
  qpid-java-jca-zip-0.10-11.el6.noarch
  qpid-qmf-0.14-2.el6.x86_64
  qpid-qmf-debuginfo-0.14-2.el6.x86_64
  qpid-qmf-devel-0.14-2.el6.x86_64
  qpid-tests-0.14-1.el6.noarch
  qpid-tools-0.14-1.el6.noarch
  rh-qpid-cpp-tests-0.14-1.el6.x86_64
  ruby-qpid-qmf-0.14-2.el6.x86_64
  sesame-1.0-2.el6.x86_64
  sesame-debuginfo-1.0-2.el6.x86_64
  [root@dhcp-27-50 ~]# uname -a
  Linux dhcp-27-50.brq.redhat.com 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux


# TEST qpidd with clustering (corosync)
# Results: AVC detected and dependent on Selinux mode...
#          Special set of AVCs detected during first cluster node start
#          Different behavior during repetitive operations foo 0 1 (i.e. permissive with corosync restart)
# Note: just one cluster member

  [root@dhcp-27-50 ~]# cat /etc/qpidd.conf
  
  log-enable=info+
  mgmt-pub-interval=5
  log-to-file=/var/lib/qpidd/qpidd.log
  cluster-name=mycluster
  auth=no
  
  [root@dhcp-27-50 ~]# function foo () {
  > setenforce $1
  > getenforce
  > rm -f /var/log/audit/audit.log
  > service auditd restart
  > grep AVC /var/log/audit/audit.log
  >
  > if [ -n "$2" ]; then
  >   service corosync restart
  >   grep AVC /var/log/audit/audit.log
  > fi
  >
  > service qpidd restart
  > grep AVC /var/log/audit/audit.log
  > pidof qpidd
  > netstat -nlp | grep qpidd
  > }
  [root@dhcp-27-50 ~]# rm -rf /var/lib/qpidd/*cluster* /var/lib/qpidd/rhm/ /var/lib/qpidd/.qpidd/ /var/lib/qpidd/lock
  [root@dhcp-27-50 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:                   [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  type=AVC msg=audit(1324378256.380:111): avc:  denied  { search } for  pid=1731 comm="qpidd" name="/" dev=tmpfs ino=5271 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
  type=AVC msg=audit(1324378256.380:111): avc:  denied  { write } for  pid=1731 comm="qpidd" name="/" dev=tmpfs ino=5271 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
  type=AVC msg=audit(1324378256.380:111): avc:  denied  { add_name } for  pid=1731 comm="qpidd" name="control_buffer-VK2uPX" scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
  type=AVC msg=audit(1324378256.380:111): avc:  denied  { create } for  pid=1731 comm="qpidd" name="control_buffer-VK2uPX" scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file
  type=AVC msg=audit(1324378256.380:111): avc:  denied  { read write open } for  pid=1731 comm="qpidd" name="control_buffer-VK2uPX" dev=tmpfs ino=13288 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file
  1731
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      1731/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      1731/qpidd
  [root@dhcp-27-50 ~]#
  [root@dhcp-27-50 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:                   [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  1839
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      1839/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      1839/qpidd
  [root@dhcp-27-50 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:                   [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  type=AVC msg=audit(1324378269.450:142): avc:  denied  { search } for  pid=1947 comm="qpidd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
  1947
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      1947/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      1947/qpidd
  [root@dhcp-27-50 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:                   [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  2055
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      2055/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      2055/qpidd
  [root@dhcp-27-50 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:                   [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  2163
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      2163/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      2163/qpidd
  [root@dhcp-27-50 ~]# foo 0 1
  Permissive
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:                   [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon:                                 [  OK  ]
  2271
  tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      2271/qpidd
  tcp        0      0 :::5672                     :::*                        LISTEN      2271/qpidd
  [root@dhcp-27-50 ~]# foo 1 1
  Enforcing
  Stopping auditd:                                           [  OK  ]
  Starting auditd:                                           [  OK  ]
  Signaling Corosync Cluster Engine (corosync) to terminate: [  OK  ]
  Waiting for corosync services to unload:.                  [  OK  ]
  Starting Corosync Cluster Engine (corosync):               [  OK  ]
  Stopping Qpid AMQP daemon:                                 [FAILED]
  Starting Qpid AMQP daemon: Daemon startup failed: Failed to initialize CPG.: library (2)
  2011-12-20 11:51:41 critical Unexpected error: Daemon startup failed: Failed to initialize CPG.: library (2)
                                                            [FAILED]
  type=AVC msg=audit(1324378301.934:204): avc:  denied  { search } for  pid=2380 comm="qpidd" name="/" dev=tmpfs ino=5271 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
Comment 11 Miroslav Grepl 2011-12-20 07:02:36 EST 
Could you clone this on selinux-policy component?
Comment 12 Frantisek Reznicek 2011-12-20 10:05:03 EST 
(In reply to comment #11)
> Could you clone this on selinux-policy component?

cloned as bug 769352
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.