Bug 1623124

Summary: /dev/mtd0 is a character device and should have a more specific label than device_t
Product: Red Hat Enterprise Linux 7 Reporter: Milos Malik <mmalik>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.6CC: lvrabec, mgrepl, mmalik, plautrba, ssekidde, vmojzis
Target Milestone: rc   
Target Release: ---   
Hardware: ppc64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1488322 Environment:
Last Closed: 2018-10-30 10:09:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1488322    
Bug Blocks:    

Description Milos Malik 2018-08-28 14:13:11 UTC 
+++ This bug was initially created as a clone of Bug #1488322 +++

Description of problem:
/dev/mtd0 is a character device, but current SELinux policy file contexts are defined for block devices.

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-220.el7.noarch
selinux-policy-targeted-3.13.1-220.el7.noarch

How reproducible:
* always when the device is available

Steps to Reproduce:
1. get a RHEL 7.x machine equipped with a Memory Technology Device (MTD)
2. ls -Z /dev/mtd*
3. matchpathcon /dev/mtd*

Actual results:
# semanage fcontext -l | grep mtd
/dev/mtd.*    block device    system_u:object_r:fixed_disk_device_t:s0 
#

Expected results:
# semanage fcontext -l | grep mtd
/dev/mtd.*    character device    system_u:object_r:fixed_disk_device_t:s0 
#

Additional information:
 * https://boundarydevices.com/boot-flash-access-linux/
Comment 4 errata-xmlrpc 2018-10-30 10:09:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3111