Hide Forgot
Description of problem: Version-Release number of selected component (if applicable): cman-3.0.12.1-7.el6.i686 selinux-policy-3.7.19-105.el6.noarch selinux-policy-minimum-3.7.19-105.el6.noarch selinux-policy-mls-3.7.19-105.el6.noarch selinux-policy-targeted-3.7.19-105.el6.noarch How reproducible: always Steps to Reproduce: * run following automated test: /CoreOS/selinux-policy/Regression/bz271561-corosync-and-similar Actual results: ---- time->Mon Aug 1 14:54:24 2011 type=SYSCALL msg=audit(1312203264.437:19292): arch=40000003 syscall=5 success=no exit=-13 a0=952eab8 a1=8241 a2=1b6 a3=0 items=0 ppid=29898 pid=29900 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=8 comm="ccs_update_sche" exe="/bin/bash" subj=unconfined_u:system_r:corosync_t:s0 key=(null) type=AVC msg=audit(1312203264.437:19292): avc: denied { write } for pid=29900 comm="ccs_update_sche" name="cluster" dev=dm-0 ino=57629 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:cluster_var_lib_t:s0 tclass=dir ---- Expected results: * no AVCs
Fixed in selinux-policy-3.7.19-106.el6.noarch
*** Bug 727928 has been marked as a duplicate of this bug. ***
This issue appears to have regressed in selinux-policy-3.7.19-107.el6.noarch. [root@taft-01 ~]# rpm -q selinux-policy selinux-policy-3.7.19-107.el6.noarch [cmarthal@silver bin]$ qarsh root\@taft-01 cman_tool version -r Unable to update relaxng schema: /usr/sbin/ccs_update_schema: line 375: /var/lib/cluster/rng_update.lock: Permission denied cman_tool: Not reloading, generic error running ccs_config_validate Try re-running with -d options [root@taft-01 ~]# rpm -Uvh --force http://download.devel.redhat.com/brewroot///////////////////////packages/selinux-policy/3.7.19/106.el6/noarch/selinux-policy-3.7.19-106.el6.noarch.rpm http://download.devel.redhat.com/brewroot///////////////////////packages/selinux-policy/3.7.19/106.el6/noarch/selinux-policy-targeted-3.7.19-106.el6.noarch.rpm Retrieving http://download.devel.redhat.com/brewroot///////////////////////packages/selinux-policy/3.7.19/106.el6/noarch/selinux-policy-3.7.19-106.el6.noarch.rpm Retrieving http://download.devel.redhat.com/brewroot///////////////////////packages/selinux-policy/3.7.19/106.el6/noarch/selinux-policy-targeted-3.7.19-106.el6.noarch.rpm Preparing... ########################################### [100%] 1:selinux-policy ########################################### [ 50%] 2:selinux-policy-targeted########################################### [100%] [root@taft-01 ~]# rpm -q selinux-policy selinux-policy-3.7.19-106.el6.noarch [cmarthal@silver bin]$ qarsh root\@taft-01 cman_tool version -r [cmarthal@silver bin]$
What AVC are you getting with selinux-policy-3.7.19-107.el6.noarch?
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1511.html