[Bugs] [Bug 1212923] [SELinux] [Snapshot] - Gluster/Snapshot creation fails when selinux is in Enforcing mode on RHEL-7.1

bugzilla at redhat.com bugzilla at redhat.com
Fri Jun 12 11:56:41 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1212923



--- Comment #18 from senaik at redhat.com ---
Hi Milos, 

Followed steps in comment15, I see the below AVC after snapshot creation:

type=AVC msg=audit(1434111195.127:16089268): avc:  denied  { getattr } for 
pid=27395 comm="xfs_db" path="/dev/dm-23" dev="devtmpfs" ino=21845028
scontext=system_u:system_r:glusterd_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1434111195.127:16089268): arch=c000003e syscall=4
success=no exit=-13 a0=7fff292f4f15 a1=7fff292f2fb0 a2=7fff292f2fb0
a3=7fff292f2d30 items=0 ppid=27392 pid=27395 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xfs_db"
exe="/usr/sbin/xfs_db" subj=system_u:system_r:glusterd_t:s0 key=(null)
type=AVC msg=audit(1434111195.137:16089269): avc:  denied  { getattr } for 
pid=27400 comm="xfs_db" path="/dev/dm-24" dev="devtmpfs" ino=21845031
scontext=system_u:system_r:glusterd_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1434111195.137:16089269): arch=c000003e syscall=4
success=no exit=-13 a0=7fff15d2ef15 a1=7fff15d2ce90 a2=7fff15d2ce90
a3=7fff15d2cc10 items=0 ppid=27396 pid=27400 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="xfs_db"
exe="/usr/sbin/xfs_db" subj=system_u:system_r:glusterd_t:s0 key=(null)

cat audit.log |audit2allow


#============= glusterd_t ==============
allow glusterd_t fixed_disk_device_t:blk_file getattr;


rpm -qa |grep selinux
libselinux-utils-2.2.2-6.el7.x86_64
libselinux-python-2.2.2-6.el7.x86_64
selinux-policy-3.13.1-27.el7.noarch
libselinux-2.2.2-6.el7.x86_64
selinux-policy-targeted-3.13.1-27.el7.noarch

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=pPbplz5HL8&a=cc_unsubscribe


More information about the Bugs mailing list