Has there been some policy change on F17?


Folks - 

I'm the package maintainer for condor, and we've been trying to update our package and have run into a slew of SELinux issues under Fedora 17 that we've never seen before, and I was hoping some folks could help illuminate what some of the changes might have been, or if there is a list of known issues.

There are ~34 errors which spew out now, when in previous editions there were 0.  I think they all stem from the 1st two though, any insight would be helpful.

-------------------------------------------------------------------------------------------
SELinux is preventing /usr/sbin/condor_master from create access on the directory condor.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that condor_master should be allowed create access on the condor directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep condor_master /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:condor_master_t:s0
Target Context                system_u:object_r:var_lock_t:s0
Target Objects                condor [ dir ]
Source                        condor_master
Source Path                   /usr/sbin/condor_master
Port                          <Unknown>
Host                          tstclair.redhat
Source RPM Packages           condor-7.9.1-0.1.fc17.2.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-142.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     tstclair.redhat
Platform                      Linux tstclair.redhat 3.5.0-2.fc17.x86_64 #1 SMP
                              Mon Jul 30 14:48:59 UTC 2012 x86_64 x86_64
Alert Count                   1
First Seen                    Fri 10 Aug 2012 12:24:56 PM CDT
Last Seen                     Fri 10 Aug 2012 12:24:56 PM CDT
Local ID                      4551e46a-0828-4bb3-8c03-bd6dfe62ce8f

Raw Audit Messages
type=AVC msg=audit(1344619496.816:576): avc:  denied  { create } for  pid=8190 comm="condor_master" name="condor" scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir


type=SYSCALL msg=audit(1344619496.816:576): arch=x86_64 syscall=mkdir success=yes exit=0 a0=1a7b200 a1=1ff a2=ffffffffffffffff a3=7fffbd04d6b0 items=0 ppid=1 pid=8190 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=condor_master exe=/usr/sbin/condor_master subj=system_u:system_r:condor_master_t:s0 key=(null)

Hash: condor_master,condor_master_t,var_lock_t,dir,create

audit2allow

#============= condor_master_t ==============
allow condor_master_t var_lock_t:dir create;

audit2allow -R

#============= condor_master_t ==============
allow condor_master_t var_lock_t:dir create;

-------------------------------------------------------------------------------------------
 
Everything under that folder is created as condor:condor and the condor_master is running as condor, so I'm curious what the issue is? 

Cheers,
Tim

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
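
Added example, not part of the original post: with ~34 alerts to triage, one way to see how many distinct denials they really are is to collapse the raw AVC records into the same comma-separated key that the report's `Hash:` line uses, and to pair each with the syscall result logged under the same audit event id. The names `summarize` and `sel_type` are hypothetical, and the sample log is partly constructed, as marked in the comments.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC record from the post, a shortened copy of its
# SYSCALL record, and one invented repeat (new pid and serial) to show grouping.
SAMPLE = """\
type=AVC msg=audit(1344619496.816:576): avc:  denied  { create } for  pid=8190 comm="condor_master" name="condor" scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=SYSCALL msg=audit(1344619496.816:576): arch=x86_64 syscall=mkdir success=yes exit=0 comm=condor_master exe=/usr/sbin/condor_master
type=AVC msg=audit(1344619500.001:601): avc:  denied  { create } for  pid=8201 comm="condor_master" name="condor" scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?comm="?([^" ]+)"?.*?'
                 r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")
SYSCALL = re.compile(r"syscall=(\S+)\s+success=(\S+)")


def sel_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize(log_text):
    """Group AVC denials by comm,source type,target type,class,perms."""
    events = defaultdict(set)   # group key -> audit event ids
    counts = defaultdict(int)   # group key -> number of AVC records
    syscalls = {}               # audit event id -> (syscall, success)
    for line in log_text.splitlines():
        event = EVENT_ID.search(line)
        if not event:
            continue
        if line.startswith("type=SYSCALL"):
            found = SYSCALL.search(line)
            if found:
                syscalls[event.group(1)] = found.groups()
        elif line.startswith("type=AVC"):
            found = AVC.search(line)
            if not found:
                continue
            perms, comm, scon, tcon, tclass = found.groups()
            key = ",".join([comm, sel_type(scon), sel_type(tcon), tclass, *perms.split()])
            counts[key] += 1
            events[key].add(event.group(1))
    return {k: {"count": counts[k],
                "syscalls": sorted({syscalls[e] for e in events[k] if e in syscalls})}
            for k in counts}


if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(info["count"], key, info["syscalls"])
```

Each key names the source type, target type, object class and permission of one distinct denial, so the output shows at a glance which label pairs account for the alerts.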


