Bug 1035716

Summary: selinux error reading /etc/mdadm.conf
Product: [Fedora] Fedora
Reporter: Sergio Pascual <sergio.pasra>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: dominick.grift, dwalsh, frank, jsynacek, lvrabec, mgrepl, richardfearn, varekova
Doc Type: Bug Fix
Last Closed: 2014-02-07 11:12:02 UTC
Type: Bug

Description Sergio Pascual 2013-11-28 10:28:37 UTC
Description of problem:

I'm getting an SELinux error when logwatch reads /etc/mdadm.conf

Source Context                system_u:system_r:logwatch_t:s0-s0:c0.c1023
Target Context                system_u:object_r:mdadm_conf_t:s0
Target Objects                /etc/mdadm.conf [ file ]
Source                        perl
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          xxxxxxxxxx
Source RPM Packages           perl-5.18.1-288.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-105.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     xxxxxxxxxxxxx
Platform                      Linux xxxxxxxxx 3.11.9-300.fc20.x86_64 #1
                              SMP Wed Nov 20 22:23:25 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-11-28 03:42:05 CET
Last Seen                     2013-11-28 03:42:05 CET
Local ID                      c220e277-733f-43dc-9867-5672025290da


The policy I get after running audit2allow is

module mypol 1.0;

require {
        type logwatch_t;
        type mdadm_conf_t;
        class file read;
}

#============= logwatch_t ==============
allow logwatch_t mdadm_conf_t:file read;
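
Added example (not part of the original report and not code from the selinux-policy project): a Python check that every allow rule in an audit2allow module matches the source type, target type and object class named in the alert, so a local module loaded as a workaround grants nothing beyond the reported denial. The function names are hypothetical, and the parsing assumes the sealert field layout and single-line allow rules shown above.

```python
import re

# Sample input copied from the bug description above.
ALERT = """\
Source Context                system_u:system_r:logwatch_t:s0-s0:c0.c1023
Target Context                system_u:object_r:mdadm_conf_t:s0
Target Objects                /etc/mdadm.conf [ file ]
"""

MODULE = """\
module mypol 1.0;

require {
        type logwatch_t;
        type mdadm_conf_t;
        class file read;
}

#============= logwatch_t ==============
allow logwatch_t mdadm_conf_t:file read;
"""

# Matches "allow src tgt:class perm;" and "allow src tgt:class { p1 p2 };"
ALLOW_RE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;", re.M)


def alert_triple(alert):
    """Return (source type, target type, object class) from sealert-style fields."""
    fields = dict(re.findall(r"^(Source Context|Target Context|Target Objects)\s+(.+)$", alert, re.M))
    # An SELinux context is user:role:type:level, so the type is the third field.
    src, tgt = (fields[k].split(":")[2] for k in ("Source Context", "Target Context"))
    cls = re.search(r"\[\s*(\w+)\s*\]", fields["Target Objects"]).group(1)
    return src, tgt, cls


def allow_rules(module):
    """Return (source, target, class, {perms}) for each allow rule in a .te module."""
    return [(s, t, c, set(p.strip("{} ").split()))
            for s, t, c, p in ALLOW_RE.findall(module)]


def unrelated_rules(alert, module):
    """Allow rules granting access outside the source/target/class in the alert."""
    expected = alert_triple(alert)
    return [rule for rule in allow_rules(module) if rule[:3] != expected]


if __name__ == "__main__":
    print(alert_triple(ALERT), allow_rules(MODULE), unrelated_rules(ALERT, MODULE))
```

An empty result from unrelated_rules means the module only covers the logwatch_t to mdadm_conf_t file access from this alert.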

Comment 1 Sergio Pascual 2014-02-07 11:12:02 UTC
This seems fixed in the current policy selinux-policy-3.12.1-119 (and probably before). I'm closing the bug.