Actions
Bug #14871
closedselinux: handle lock files better
% Done:
0%
Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
We are hitting a couple of denials like these. This suggests that our policy does not label the lock files properly and we should fix that.
type=AVC msg=audit(1454633044.929:3772): avc: denied { read } for pid=21665 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file type=AVC msg=audit(1454632968.211:3627): avc: denied { read } for pid=19972 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file' type=AVC msg=audit(1454633046.524:3780): avc: denied { read } for pid=21833 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file type=AVC msg=audit(1454632969.542:3632): avc: denied { read } for pid=20090 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
Actions