Bug 1333588

Summary: storaged path has changed --> runs as unconfined_service_t
Product: [Fedora] Fedora Reporter: Lukas Vrabec <lvrabec>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 24CC: dominick.grift, dwalsh, lvrabec, mgrepl, mmalik, phatina, plautrba, pvrabec, qe-baseos-security, ssekidde
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-186.fc24 selinux-policy-3.13.1-189.fc24 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1264390 Environment:
Last Closed: 2016-05-28 18:34:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Vrabec 2016-05-05 22:23:22 UTC 
+++ This bug was initially created as a clone of Bug #1264390 +++

Description of problem:

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-50.el7.noarch
selinux-policy-devel-3.13.1-50.el7.noarch
selinux-policy-doc-3.13.1-50.el7.noarch
selinux-policy-minimum-3.13.1-50.el7.noarch
selinux-policy-mls-3.13.1-50.el7.noarch
selinux-policy-sandbox-3.13.1-50.el7.noarch
selinux-policy-targeted-3.13.1-50.el7.noarch
storaged-2.1.1-1.el7.x86_64

How reproducible:
always

Steps to Reproduce:
# semanage fcontext -l | grep storaged
/usr/lib/storaged/storaged                         regular file       system_u:object_r:lvm_exec_t:s0 
/usr/lib/storaged/storaged-lvm-helper              regular file       system_u:object_r:lvm_exec_t:s0 
# ls -Z /usr/lib/storaged/storaged
ls: cannot access /usr/lib/storaged/storaged: No such file or directory
# ls -Z /usr/lib/storaged/storaged-lvm-helper
ls: cannot access /usr/lib/storaged/storaged-lvm-helper: No such file or directory
# ls -l /usr/libexec/storaged/storaged
-rwxr-xr-x. 1 root root 394728 Jul  6 12:18 /usr/libexec/storaged/storaged
# matchpathcon /usr/libexec/storaged/storaged 
/usr/libexec/storaged/storaged	system_u:object_r:bin_t:s0
# 

Actual results:
 * storaged runs as unconfined_service_t

Expected results:
 * storaged runs as lvm_t

--- Additional comment from Miroslav Grepl on 2015-09-18 06:53:44 EDT ---

Did it come with 7.2? It looks like there storaged errata.
Comment 1 Fedora Update System 2016-05-26 05:01:53 UTC 
selinux-policy-3.13.1-189.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-43d1395a18
Comment 2 Fedora Update System 2016-05-26 05:02:54 UTC 
selinux-policy-3.13.1-188.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ccd9afa2f
Comment 3 Fedora Update System 2016-05-28 18:33:48 UTC 
selinux-policy-3.13.1-189.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.