Bug 187193

Summary: avc msg hal / cpqarray driver.
Product: [Fedora] Fedora Reporter: Dave Jones <davej>
Component: udevAssignee: Harald Hoyer <harald>
Status: CLOSED CANTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: dwalsh, john.horne, katzj, kay.sievers, patrickm, pfrields
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-20 11:35:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dave Jones 2006-03-29 03:54:19 UTC
this pops out during boot..

audit(1143604711.882:2): avc:  denied  { getattr } for  pid=1678 comm="hald"
name="ida!c0d0" dev=tmpfs ino=754 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=blk_file

Comment 1 Daniel Walsh 2006-03-29 13:17:47 UTC
What is the full path to the devices?

Dan

Comment 2 Dave Jones 2006-03-30 21:38:18 UTC
actually, this is a kernel bug for exposing a pathname in sysfs with a / in it
(which gets munged to a !) and a udev bug, which should be munging it back to a /

The kernel bug is arguably difficult to fix as it could concievably break
existing setups, but I'll see what upstream says.

udev should still be fixed to munge any !'s back to /'s before creating a /dev
node though

Comment 3 Daniel Walsh 2006-03-30 21:47:05 UTC
I love it when the bugs are not mine.  :^)

Comment 4 Kay Sievers 2006-04-09 13:28:23 UTC
No, udev translates '!' into '/' for ages: 
http://www.kernel.org/git/?p=linux/hotplug/udev.git;a=blob;hb=HEAD;f=udev_sysfs.c#l98

Udev definitely works for ccis devices, which have a '!' in the kernel name too.
It's likely HAL looking for an existing node while scanning with the names from
sysfs. Are we sure, that such a node actually exists at the time of the error?

Comment 5 Harald Hoyer 2006-04-10 08:19:40 UTC
thx Kay!

Comment 6 John Horne 2006-06-14 11:50:51 UTC
This is a "me too" I'm afraid. I see you redhat chaps are already on this so I'm
not sure that I can help too much.

I've just installed FC5 on to an HP/Compaq DL360 with a cciss 5i scsi disk
controller. The install had some problems - first reboot couldn't remount the
root partition (permission denied). Also it couldn't see the swap partition.
Rebooting without selinux worked.

I noticed that the /etc/blkid/blkid.tab file had the root partition as
/dev/cciss!c0d0p3   The /boot partition was correct though /dev/cciss/c0d0p1.
(It might have been the other way round - root was right, boot was wrong. Sorry
I don't have the original contents anymore.)

I edited the blkid.tab file and rebooted. Also re-enabled selinux. All is okay
having rebooted a few times. However, the haldaemon service still gives these
errors:

===================================
Jun 14 12:35:20 betty kernel: audit(1150284920.659:3): avc:  denied  { getattr }
for  pid=2842 comm="hald" name="cciss!c0d0" dev=tmpfs ino=757
scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=blk_file
===================================

The system is fully patched.

Looking in /dev I see:

===================================
drwxr-xr-x 2 root root        120 Jun 14 12:28 cciss
brwx------ 1 root root   104,   0 Jun 14 12:28 cciss!c0d0
brwx------ 1 root root   104,   1 Jun 14 12:28 cciss!c0d0p1
brwx------ 1 root root   104,   2 Jun 14 12:28 cciss!c0d0p2
brwx------ 1 root root   104,   3 Jun 14 12:28 cciss!c0d0p3
===================================

The cciss subdirectory contains the right partitions:

===================================
brw-r----- 1 root disk 104, 0 Jun 14 12:28 c0d0
brw-r----- 1 root disk 104, 1 Jun 14 12:28 c0d0p1
brw-r----- 1 root disk 104, 2 Jun 14 12:28 c0d0p2
brw-r----- 1 root disk 104, 3 Jun 14 12:28 c0d0p3
===================================


John.

Comment 7 Daniel Walsh 2006-06-15 14:55:07 UTC
This is a udev problem.  It is creating bogus named devices, udev should be
translating thes names to the subdirectory.

If you want to get SELinux to work until udev is fixes you can execute this command

semanage fcontext -a -t fixed_disk_device_t  -f '-b' '/dev/cciss.*'

To assign a proper file context.

Comment 8 Kay Sievers 2006-06-15 15:04:34 UTC
No, udev translates these names since ages:
  http://www.kernel.org/git/?p=linux/hotplug/udev.git;a=blob;f=udev_sysfs.c#l98

Comment 9 Daniel Walsh 2006-09-18 19:45:26 UTC
Any Updates on this bug?

Comment 10 Daniel Walsh 2006-09-18 19:48:07 UTC
*** Bug 200510 has been marked as a duplicate of this bug. ***

Comment 11 Harald Hoyer 2006-09-25 11:39:40 UTC
this would mean that the device node is created two times? one time unchanged
and the second time with the corrected pathname.. odd...

Comment 12 Harald Hoyer 2007-09-20 11:08:29 UTC
has anyone seen this bug in FC6, F7, rawhide?

Comment 13 John Horne 2007-09-20 12:11:10 UTC
If its any help, the bug hasn't occurred when using the latest RHEL 4 (AS) on an
HP DL580 (cciss 6 controller I think). It also doesn't occur when using CentOS 5
on DL360/DL380's.


John.

Comment 14 Dave Jones 2007-10-05 21:27:37 UTC
my cpqarray died, so I can't test/reproduce this.