990024 – SELinux prevents sourceRoute.sh access '/var/run/vdsm'

Bug 990024 - SELinux prevents sourceRoute.sh access '/var/run/vdsm'

Summary: SELinux prevents sourceRoute.sh access '/var/run/vdsm'

Keywords:
Status:	CLOSED DUPLICATE of bug 977856
Alias:	None
Product:	oVirt
Classification:	Retired
Component:	vdsm
Sub Component:
Version:	3.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Dan Kenigsberg
QA Contact:	Haim
Docs Contact:
URL:
Whiteboard:
Depends On:	977856
Blocks:
TreeView+	depends on / blocked

Reported:	2013-07-30 09:24 UTC by Mark Wu
Modified:	2013-07-30 10:57 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-07-30 09:31:48 UTC
oVirt Team:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
sealert.log (2.16 KB, text/x-log) 2013-07-30 09:24 UTC, Mark Wu	no flags	Details
View All

Description Mark Wu 2013-07-30 09:24:29 UTC

Created attachment 780476 [details]
sealert.log

Description of problem:
SourceRoute can't be added by dhclient script because of selinux.

Related logs:
/var/log/vdsm/supervdsm.log:
MainProcess|Thread-16::DEBUG::2013-07-30 04:35:51,421::utils::505::root::(execCmd) SUCCESS: <err> = '/etc/dhcp/dhclient.d/sourceRoute.sh: line 6: /var/run/vdsm/sourceRoutes/1375173351: Permission denied\n'; <rc> = 0

/var/log/message:
Jul 28 22:52:42 localhost setroubleshoot: SELinux is preventing /usr/bin/bash from search access on the directory vdsm. For complete SELinux messages. run sealert -l f278d81c-b264-4d42-92dc-b6c624f4f5c9




Version-Release number of selected component (if applicable):
Host: fedora19
selinux-policy-3.12.1-54.fc19

How reproducible:
100%

Steps to Reproduce:
1. configure a network with bootproto=dhcp.

Actual results:


Expected results:


Additional info:

Comment 1 Mark Wu 2013-07-30 09:31:48 UTC


*** This bug has been marked as a duplicate of bug 977856 ***

Comment 2 Dan Kenigsberg 2013-07-30 10:57:05 UTC

(In reply to Mark Wu from comment #1)
> 
> *** This bug has been marked as a duplicate of bug 977856 ***

Thanks anyway. We do need to require the newer selinux policy built due to bug 977856!

Note You need to log in before you can comment on or make changes to this bug.