[Bugs] [Bug 1212923] [SELinux] [Snapshot] - Gluster/Snapshot creation fails when selinux is in Enforcing mode on RHEL-7.1
bugzilla at redhat.com
Mon Jun 15 11:39:12 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1212923
--- Comment #21 from senaik at redhat.com ---
Scheduler fails to create snapshots on RHEL7.1 when SELinux is in Enforcing
mode.
When SELinux is in Permissive mode, Scheduler creates snapshots but I see the
below AVC
grep "AVC" /var/log/audit/audit.log
type=USER_AVC msg=audit(1434380101.086:4771): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1434385206.279:4911): avc: denied { getattr } for pid=12694 comm="xfs_db" path="/dev/dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.279:4912): avc: denied { read } for pid=12694 comm="xfs_db" name="dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.279:4912): avc: denied { open } for pid=12694 comm="xfs_db" path="/dev/dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.279:4913): avc: denied { write } for pid=12694 comm="xfs_db" name="dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.279:4914): avc: denied { ioctl } for pid=12694 comm="xfs_db" path="/dev/dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
==============================================================
rpm -qa |grep selinux
selinux-policy-targeted-3.13.1-27.el7.noarch
libselinux-utils-2.2.2-6.el7.x86_64
libselinux-python-2.2.2-6.el7.x86_64
libselinux-2.2.2-6.el7.x86_64
selinux-policy-3.13.1-27.el7.noarch
================================================================
cat audit.log |audit2allow
#============= glusterd_t ==============
allow glusterd_t fixed_disk_device_t:blk_file { read write getattr open ioctl };
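Added example, not part of the original bug comment and not audit2allow's own code: a small parser that groups AVC denials by source type, target type and object class, which is how the five records above collapse into a single allow rule. The function names are hypothetical, and the sample holds the page's records re-joined one per line plus one constructed record with a placeholder type.

```python
import re
from collections import defaultdict

# Sample input: the USER_AVC notice and five denials quoted in the comment,
# followed by one CONSTRUCTED record (example_file_t is a placeholder type).
SAMPLE = """\
type=USER_AVC msg=audit(1434380101.086:4771): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=AVC msg=audit(1434385206.279:4911): avc: denied { getattr } for pid=12694 comm="xfs_db" path="/dev/dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.279:4912): avc: denied { read } for pid=12694 comm="xfs_db" name="dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.279:4912): avc: denied { open } for pid=12694 comm="xfs_db" path="/dev/dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.279:4913): avc: denied { write } for pid=12694 comm="xfs_db" name="dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.279:4914): avc: denied { ioctl } for pid=12694 comm="xfs_db" path="/dev/dm-23" dev="devtmpfs" ino=271817 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1434385206.300:4920): avc: denied { read } for pid=12694 comm="xfs_db" name="example" dev="dm-0" ino=1 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=file
"""

# Kernel AVC denials only; USER_AVC notices do not start with "type=AVC".
AVC_RE = re.compile(
    r'^type=AVC\b.*?\bavc:\s+denied\s+\{(?P<perms>[^}]*)\}'
    r'.*?\bscontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(':')[2]

def summarize_denials(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not a denial record
        key = (selinux_type(m['s']), selinux_type(m['t']), m['c'])
        rules[key].update(m['perms'].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render each group as a policy rule; permissions are sorted for stable output."""
    return [f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
            for (src, tgt, cls), perms in sorted(rules.items())]

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize_denials(SAMPLE))))
```

The permission set for blk_file is the same as in the audit2allow output above; only the ordering differs. Because the rule is keyed on the target type and not the path, it would cover every block device labelled fixed_disk_device_t, not only /dev/dm-23, which is worth weighing before loading a generated module.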