SELinux getattr denied messages for /var/openshift/quota.user when /var/openshift is on separate file system

Solution Unverified - Updated -

Issue

Since we activated SELinux we observe following messages in /var/log/messages:

Oct 21 15:07:01 NODE-01 kernel: type=1400 audit(1382360821.687:169637): avc:  denied  { getattr } for  pid=6608 comm="ruby" path="/var/lib/openshift/aquota.user" dev=dm-9 ino=12 scontext=system_u:system_r:openshift_cron_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:quota_db_t:s0 tclass=file

Those messages seems to be generated each time openshift cron jobs are executed.

Environment

  • OpenShift Enterprise 1.2
  • selinux-policy-targeted-3.7.19-195.el6_4.12.noarch

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content