Description of problem:
For an old existing application, after server upgrade and migrate, /sandbox is still not root owned.

Version-Release number of selected component (if applicable):
on INT, devenv

How reproducible:
Always

Steps to Reproduce:
1. Launch an old instance and create applications that cover all cartridges
2. Do server upgrade and migrate
3. ssh into old applications, ls -Zd /sandbox/
4. Create new applications and then repeat step 3

Actual results:
For old existing apps (all cartridges, including zend-5.6), /sandbox is not root owned.

[zend1-jhouup.dev.rhcloud.com ~]\> ls -Zd /sandbox/
drwxrwxrwt. b642327973a74b23ab395daf80450cb6 root system_u:object_r:libra_tmp_t:s0:c0,c531 /sandbox/

For newly created zend-5.6 app, /sandbox is root owned

[zend3-jhouup.dev.rhcloud.com ~]\> ls -Zd /sandbox/
drwxr-xr-x. root root system_u:object_r:libra_tmp_t:s0:c0,c537 /sandbox/

For newly created other cartridges, /sandbox is root owned, but user has access to it

[phpapp-jhouup.dev.rhcloud.com ~]\> ls -Zd /sandbox/
drwxrwxrwt. root root system_u:object_r:libra_tmp_t:s0:c0,c535 /sandbox/

Expected results:
/sandbox should be root owned, and the permissions should be like:

drwxr-xr-t. root root unconfined_u:object_r:libra_tmp_t:s0:c0,c1001 /sandbox/

Additional info:
Launched new devenv build, and this problem is not reproduced. It is reproduced when upgrading from an older instance.

This problem exists for all cartridges. Need upgrade and migration to resolve.
Release ticket updated with migration steps in comment #5.
Verified this with workaround script.

After upgrade, run:

grep ':libra guest:' /etc/passwd | \
  cut -f 1 -d : | \
  while read dn; do \
    t="/var/lib/stickshift/${dn}/.sandbox/${dn}"; \
    mkdir -p "$t"; \
    chown root:root "$t"; \
    chmod 1755 "$t"; \
  done

to fix /sandbox ownership and migrate.

Then check applications of all cartridges, now /sandbox is root owned.

[ruby19-234u.dev.rhcloud.com ~]\> ls -Zd /sandbox/
drwxr-xr-t. root root system_u:object_r:libra_tmp_t:s0:c0,c509 /sandbox/
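
A read-only audit of the condition this ticket verifies by hand, as an added example that is not part of the original report or the project's code: it walks the same gear accounts and paths as the workaround and flags any sandbox directory that is not `drwxr-xr-t` and root owned. The function names `check_sandbox` and `audit_gears` are hypothetical, and the optional passwd file, base directory and expected `UID:GID` arguments are assumptions added so the check can be exercised outside a node.

```sh
#!/bin/sh
# Added example: audits sandbox directories, changes nothing on disk.

# check_sandbox DIR [UID:GID]
# Succeeds only if DIR is a real directory (not a symlink), its mode is
# drwxr-xr-t, and its numeric owner is UID:GID (default 0:0, i.e. root:root).
check_sandbox() {
    cs_dir=$1
    cs_want=${2:-0:0}
    if [ -L "$cs_dir" ] || [ ! -d "$cs_dir" ]; then
        echo "FAIL $cs_dir: missing or not a plain directory"
        return 1
    fi
    # ls -ldn prints: mode links uid gid ...
    read -r cs_mode cs_links cs_uid cs_gid cs_rest <<EOF
$(ls -ldn -- "$cs_dir")
EOF
    # A trailing "." or "+" on the mode marks an SELinux context or an ACL.
    case $cs_mode in
        drwxr-xr-t*) ;;
        *) echo "FAIL $cs_dir: mode $cs_mode (want drwxr-xr-t)"; return 1 ;;
    esac
    if [ "$cs_uid:$cs_gid" != "$cs_want" ]; then
        echo "FAIL $cs_dir: owner $cs_uid:$cs_gid (want $cs_want)"
        return 1
    fi
    echo "OK   $cs_dir"
}

# audit_gears [PASSWD_FILE] [BASE_DIR] [UID:GID]
# Selects gear accounts the same way the workaround does and checks each
# one's sandbox directory; succeeds only if every directory passes.
audit_gears() {
    ag_passwd=${1:-/etc/passwd}
    ag_base=${2:-/var/lib/stickshift}
    ag_want=${3:-0:0}
    ag_bad=0
    for ag_dn in $(grep ':libra guest:' "$ag_passwd" | cut -f 1 -d :); do
        check_sandbox "$ag_base/$ag_dn/.sandbox/$ag_dn" "$ag_want" ||
            ag_bad=$((ag_bad + 1))
    done
    echo "$ag_bad sandbox directories failed"
    [ "$ag_bad" -eq 0 ]
}
```

Sourcing the file and calling `audit_gears` with no arguments on a node, before and after the migration, lists every gear whose sandbox still has the old owner or mode.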