Bug ID 965041: SELinux permission issues leads to daemon startup failure

Last Modified: Jan 29, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 16.0.0, 16.0.0.1, 16.0.1

Opened: Nov 16, 2020
Severity: 3-Major

Symptoms

SOD daemon keeps restarting and also other daemons including ssh are down. In /var/log/ltm you see permission denied errors: tenant-1 logger[13289]: Re-starting sod tenant-1 err sod[13270]: 01140001:3: Shared mem error: Permission denied. tenant-1 err sod[13270]: 01140035:3: Flock error Permission denied @183. tenant-1 err sod[13270]: 01140001:3: Shared mem error: Permission denied.

Impact

The functionality of SOD daemon including other daemons such as ssh will not be available.

Conditions

The selinux context of files under /dev/shm is updated wrongly as system_u:object_r:initrc_state_t:s0 instead of system_u:object_r:tmpfs:s0 during upgrade.

Workaround

Change the selinux mode to Permissive mode with below command setenforce 0 and give "bigstart restart" to restart all the services.

Fix Information

None

Behavior Change