Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 312756 Details for
Bug 456859
Selinux Problem with Smartd Service using /dev/twa0
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Output from Selinux with reagrds to Smartd
selinux_alert.txt (text/plain), 2.99 KB, created by
Nino Sidoti
on 2008-07-28 08:23:43 UTC
(
hide
)
Description:
Output from Selinux with reagrds to Smartd
Filename:
MIME Type:
Creator:
Nino Sidoti
Created:
2008-07-28 08:23:43 UTC
Size:
2.99 KB
patch
obsolete
> >Summary: > >SELinux is preventing smartd (fsdaemon_t) "getattr" access to device /dev/twa0. > >Detailed Description: > >SELinux has denied the smartd (fsdaemon_t) "getattr" access to device /dev/twa0. >/dev/twa0 is mislabeled, this device has the default label of the /dev >directory, which should not happen. All Character and/or Block Devices should >have a label. You can attempt to change the label of the file using restorecon >-v '/dev/twa0'. If this device remains labeled device_t, then this is a bug in >SELinux policy. Please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy >package. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR, >and find a type that would work for /dev/twa0, you can use chcon -t SIMILAR_TYPE >'/dev/twa0', If this fixes the problem, you can make this permanent by executing >semanage fcontext -a -t SIMILAR_TYPE '/dev/twa0' If the restorecon changes the >context, this indicates that the application that created the device, created it >without using SELinux APIs. If you can figure out which application created the >device, please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this application. > >Allowing Access: > >Attempt restorecon -v '/dev/twa0' or chcon -t SIMILAR_TYPE '/dev/twa0' > >Additional Information: > >Source Context root:system_r:fsdaemon_t >Target Context root:object_r:device_t >Target Objects /dev/twa0 [ chr_file ] >Source smartd >Source Path /usr/sbin/smartd >Port <Unknown> >Host mars.sidoti.local >Source RPM Packages smartmontools-5.36-4.el5 >Target RPM Packages >Policy RPM selinux-policy-2.4.6-137.1.el5_2 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name device >Host Name mars.sidoti.local >Platform Linux mars.sidoti.local 2.6.18-92.1.6.el5 #1 SMP > Fri Jun 20 02:36:16 EDT 2008 i686 i686 >Alert Count 4 >First Seen Wed 23 Jul 2008 06:44:44 PM EST >Last Seen Mon 28 Jul 2008 06:14:14 PM EST >Local ID 1bdcf11d-a888-4700-8245-fab879b0da57 >Line Numbers > >Raw Audit Messages > >host=mars.sidoti.local type=AVC msg=audit(1217232854.174:22): avc: denied { getattr } for pid=5939 comm="smartd" path="/dev/twa0" dev=tmpfs ino=17043 scontext=root:system_r:fsdaemon_t:s0 tcontext=root:object_r:device_t:s0 tclass=chr_file > >host=mars.sidoti.local type=SYSCALL msg=audit(1217232854.174:22): arch=40000003 syscall=195 success=no exit=-13 a0=bf95c880 a1=bf95c730 a2=3d2ff4 a3=3 items=0 ppid=5938 pid=5939 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2 comm="smartd" exe="/usr/sbin/smartd" subj=root:system_r:fsdaemon_t:s0 key=(null) > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=312756">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 456859
: 312756