Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 226712

Summary: Unable to create new namespaces due to SELinux policy
Product: Red Hat Enterprise Linux 5 Reporter: Tim Potter <tpot>
Component: tog-pegasusAssignee: Vitezslav Crhonek <vcrhonek>
Status: CLOSED NOTABUG QA Contact: Jay Fenlason <fenlason>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: jfeeney, warren.otsuka
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-12 21:41:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Tim Potter 2007-02-01 04:27:42 UTC
Description of problem:

I'm trying to create some instances in the root/InterOp namespace using the
cimmof tool.  By default only the root, root/cimv2, root/PG_Internal and
root/PG_InterOp namespaces are created.  Pegasus tries to create the new
namespace in the repository by firstly creating a new directory which
unfortunately fails.

Here's the relevant lines from /var/log/audit/audit.log:

type=AVC msg=audit(1170299067.872:189): avc:  denied  { create } for  pid=19121
comm="cimserver" name="root#InterOp" scontext=user_u:system_r:pegasus_t:s0
tcontext=user_u:object_r:pegasus_data_t:s0 tclass=dir

type=SYSCALL msg=audit(1170299067.872:189): arch=c0000032 syscall=1055
success=no exit=-13 a0=2000000801abc730 a1=1ff a2=2000000800ba0158
a3=2000000801a53b00 items=0 ppid=1 pid=19121 auid=500 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="cimserver"
exe="/usr/sbin/cimserver" subj=user_u:system_r:pegasus_t:s0 key=(null)

My guess is that the tog-pegasus SELinux policy does not allow the creation of
directories in /var/lib/Pegasus/repository but I can't figure out the location
of the policy source files for the rhel5rcs7 release.

Version-Release number of selected component (if applicable):

tog-pegasus-2.5.2-4.el5

How reproducible:

# cimmof -n root/InterOp < /dev/null
Error: CIM_ERR_FAILED: A general error occurred that is not covered by a more
specific error code: "cannot create directory:
/var/lib/Pegasus/repository/root#InterOp"

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tim Potter 2007-02-01 04:53:47 UTC
Oh man now that I've typed all that in I understand bug 213809 and it's
basically the same thing.

I've been working against the latest release candidate snapshot though, not any
of the betas or rc1.

Comment 2 Vitezslav Crhonek 2007-09-25 10:20:39 UTC
Can you please check, if this bug is still present? With
tog-pegasus-2.6.1-2.el5, tog-pegasus-devel-2.6.1-2.el5,
selinux-policy-2.4.6-88.el5, selinux-policy-targeted-2.4.6-88.el5 it works for
me. This versions (or higher version of selinux-policy maybe) are in latest
RHEL5.1 beta. Bug #213809 is there fixed too. Thank you in advance.

Comment 3 Tim Potter 2008-02-12 21:41:26 UTC
Hi - the problem seems fixed now.  Thanks!