Bug #14871

closed

selinux: handle lock files better

Added by Boris Ranto about 8 years ago. Updated about 8 years ago.

Status: Resolved
Priority: High
Assignee:
Category: -
Target version: -
% Done: 0%
Source: other
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

We are hitting a couple of denials like these. This suggests that our policy does not label the lock files properly and we should fix that.

type=AVC msg=audit(1454633044.929:3772): avc:  denied  { read } for  pid=21665 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1454632968.211:3627): avc:  denied  { read } for  pid=19972 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file'
type=AVC msg=audit(1454633046.524:3780): avc:  denied  { read } for  pid=21833 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1454632969.542:3632): avc:  denied  { read } for  pid=20090 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file

Related issues 1 (0 open, 1 closed)

Copied from Ceph - Bug #14660: selinux denials during rbd test run (Closed, Boris Ranto, 02/05/2016)
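
A triage aid for the denials quoted in the description, added here as an example and not part of the original report or of Ceph's own tooling: it parses AVC records and groups them by source type, target type, object class, path and permission, so repeated denials from different processes collapse into the one labeling problem they share. The function names and the SAMPLE constant are assumptions of this example.

```python
import re
from collections import defaultdict

# The four denials from the report, copied as-is (the second line carries a
# stray trailing quote, which the value pattern below ignores).
SAMPLE = """\
type=AVC msg=audit(1454633044.929:3772): avc:  denied  { read } for  pid=21665 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1454632968.211:3627): avc:  denied  { read } for  pid=19972 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file'
type=AVC msg=audit(1454633046.524:3780): avc:  denied  { read } for  pid=21833 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
type=AVC msg=audit(1454632969.542:3632): avc:  denied  { read } for  pid=20090 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file
"""

AVC_RE = re.compile(r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
                    r"avc:\s+denied\s+\{ (?P<perms>[^}]*) \} for\s+(?P<rest>.*)")
# key=value pairs; values are either double-quoted or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|[\w:.,/\-]+)')


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    rec["serial"] = m.group("serial")
    return rec


def ctx_type(context):
    """Contexts are user:role:type:level; the type is what policy rules match."""
    return context.split(":")[2]


def summarize(text):
    """Group denials by (source type, target type, class, path, permission)."""
    groups = defaultdict(lambda: {"count": 0, "pids": set()})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        for perm in rec["perms"]:
            key = (ctx_type(rec["scontext"]), ctx_type(rec["tcontext"]),
                   rec["tclass"], rec.get("path", "?"), perm)
            groups[key]["count"] += 1
            groups[key]["pids"].add(rec.get("pid", "?"))
    return dict(groups)


if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(*key, f"count={g['count']} pids={sorted(g['pids'])}")
```

On the sample, all four records fall into a single group: ceph_t reading a file still labeled with the generic var_lock_t type at /run/lock/ceph-disk.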
