[Bugs] [Bug 1212923] [SELinux] [Snapshot] - Gluster/Snapshot creation fails when selinux is in Enforcing mode on RHEL-7.1

bugzilla at redhat.com bugzilla at redhat.com
Thu Jun 11 11:51:59 UTC 2015 

https://bugzilla.redhat.com/show_bug.cgi?id=1212923



--- Comment #16 from senaik at redhat.com ---
Snapshot creation is successful with SELinux in Enforcing mode on RHEL7.1 but I
see the following AVC logged in audit.log

--------------------Part of audit.log---------------------

type=SYSCALL msg=audit(1434024359.865:469285): arch=c000003e syscall=42
success=no exit=-13 a0=a a1=7f0eef7ad740 a2=6e a3=3d items=0 ppid=1 pid=1215
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python2.7"
subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1434024359.865:469286): avc:  denied  { write } for 
pid=1215 comm="setroubleshootd" name="log" dev="devtmpfs" ino=8426
scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:device_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1434024359.865:469286): arch=c000003e syscall=42
success=no exit=-13 a0=a a1=7f0eef7ad740 a2=6e a3=34 items=0 ppid=1 pid=1215
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python2.7"
subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1434024359.865:469287): avc:  denied  { write } for 
pid=1215 comm="setroubleshootd" name="log" dev="devtmpfs" ino=8426
scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:device_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1434024359.865:469287): arch=c000003e syscall=42
success=no exit=-13 a0=a a1=7f0eef7ad740 a2=6e a3=40 items=0 ppid=1 pid=1215
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python2.7"
subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)

-----------------------------------------------------------------
 cat audit.log |audit2allow


#============= audisp_t ==============
allow audisp_t device_t:sock_file write;

#============= auditd_t ==============
allow auditd_t device_t:sock_file write;

#============= setroubleshootd_t ==============
allow setroubleshootd_t device_t:sock_file write;

-----------------------------------------------------------------
rpm -qa |grep selinux
selinux-policy-3.13.1-26.el7.noarch
selinux-policy-targeted-3.13.1-26.el7.noarch
libselinux-utils-2.2.2-6.el7.x86_64
libselinux-python-2.2.2-6.el7.x86_64
libselinux-2.2.2-6.el7.x86_64

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=TxArI70i2W&a=cc_unsubscribe

More information about the Bugs mailing list