Description of problem:
As per bug #836311 comment #30 this has been moved to this separate RHBZ:

type=AVC msg=audit(1363694647.207:432387): avc: denied { search } for pid=32588 comm="mysqld_safe" name="root" dev=sda1 ino=1314605 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:rgmanager_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1363694647.207:432387): arch=x86_64 syscall=stat success=no exit=EACCES a0=4a3b4b a1=7fff999df260 a2=7fff999df260 a3=39e5d37110 items=0 ppid=7112 pid=32588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=mysqld_safe exe=2F62696E2F62617368202864656C6574656429 subj=system_u:system_r:mysqld_safe_t:s0 key=(null)

type=AVC msg=audit(1363694697.319:96081): avc: denied { search } for pid=20910 comm="mysqld_safe" name="heartbeat" dev=sda1 ino=3153187 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:rgmanager_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1363694697.319:96081): arch=x86_64 syscall=stat success=no exit=EACCES a0=1c6fd80 a1=7fffd37a7940 a2=7fffd37a7940 a3=4 items=0 ppid=20878 pid=20910 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=mysqld_safe exe=/bin/bash subj=system_u:system_r:mysqld_safe_t:s0 key=(null)

type=AVC msg=audit(1363694697.836:96126): avc: denied { search } for pid=21017 comm="mysqld" name="root" dev=sda1 ino=3153191 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:rgmanager_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1363694697.836:96126): arch=x86_64 syscall=stat success=no exit=EACCES a0=7fff733d7860 a1=7fff733d47c0 a2=7fff733d47c0 a3=fffffffffffffffd items=0 ppid=20910 pid=21017 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=mysqld exe=/usr/libexec/mysqld subj=system_u:system_r:mysqld_t:s0 key=(null)

type=AVC msg=audit(1363623429.464:75833): avc: denied { search } for pid=4148 comm="squid" name="root" dev=sda1 ino=394795 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:rgmanager_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1363623429.464:75833): arch=x86_64 syscall=execve success=no exit=EACCES a0=7fff5184dad0 a1=7fff5184ba30 a2=7fe12b610010 a3=7fff5184d840 items=0 ppid=4147 pid=4148 auid=4294967295 uid=0 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 tty=(none) ses=4294967295 comm=squid exe=/usr/sbin/squid subj=system_u:system_r:squid_t:s0 key=(null)

Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-195.el6_4.3.noarch
selinux-policy-targeted-3.7.19-195.el6_4.3.noarch

How reproducible:
Every time, heartbeat v1 setup as described in bug #836311 with latest SELinux policy from RHEL 6.4.

Actual results:
Some AVC denied.

Expected results:
No AVC denieds.
This is cross-referenced with Red Hat customer portal, case 00668208
Robert, does it only want to search these dirs?
Miroslav, how do I best figure this out? These are the only AVC denieds, as it seems at least. Suggestions how to track down? Try dontaudits, enforce and see and try if it is as expected? Unfortunately nearly all of the affected systems are productive...
Probably the best is to make the domain a permissive domain.

# semanage permissive -a DOMAIN

re-test

# ausearch -m avc -ts recent
# semanage permissive -d DOMAIN

But actually no need in this case. I am adding fixes to Fedora and will back port them.
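Added example, not part of the original bug thread or of selinux-policy: a Python sketch that condenses `ausearch -m avc` output into one entry per (source type, target type, class), which answers whether the domains only want to search these directories. The sample records are trimmed from the description above; the function names are hypothetical, and the generated dontaudit lines are candidates for review, not the fix that shipped.

```python
import re
from collections import defaultdict

# Records trimmed from the report above (pid/ino fields and SYSCALL lines dropped).
SAMPLE = """\
type=AVC msg=audit(1363694647.207:432387): avc: denied { search } for pid=32588 comm="mysqld_safe" name="root" scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:rgmanager_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1363694697.836:96126): avc: denied { search } for pid=21017 comm="mysqld" name="root" scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:rgmanager_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1363623429.464:75833): avc: denied { search } for pid=4148 comm="squid" name="root" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:rgmanager_var_lib_t:s0 tclass=dir
"""

# One AVC denial: permission set, then source/target contexts and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    summary = defaultdict(set)
    for m in AVC_RE.finditer(text):  # SYSCALL and other records do not match
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        summary[key].update(m["perms"].split())
    return dict(summary)

def only_dir_search(summary):
    """True if every denial is exactly { search } on a directory."""
    return bool(summary) and all(
        key[2] == "dir" and perms == {"search"} for key, perms in summary.items()
    )

def dontaudit_rules(summary):
    """Render candidate dontaudit rules in policy syntax, sorted for review."""
    return [
        f"dontaudit {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in sorted(summary.items())
    ]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print("only dir search:", only_dir_search(result))
    print("\n".join(dontaudit_rules(result)))
```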
I think it would be enough to make them dontaudit, because it seems to work fine how it is (enforced).
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1598.html