Bug 2039774

Summary: pktcdvd has device_t
Product: Red Hat Enterprise Linux 9 Reporter: Jiri Jaburek <jjaburek>
Component: selinux-policyAssignee: Zdenek Pytela <zpytela>
Status: VERIFIED --- QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: low    
Version: 9.0CC: lvrabec, mmalik, nknazeko
Target Milestone: rcKeywords: Triaged
Target Release: 9.2   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-38.1.16-1.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jiri Jaburek 2022-01-12 12:26:05 UTC
Description of problem:

On (at least) x86_64:

# modprobe pktcdvd

# ls -Zd /dev/pktcdvd/
system_u:object_r:device_t:s0 /dev/pktcdvd

# ls -Z /dev/pktcdvd/*
system_u:object_r:device_t:s0 /dev/pktcdvd/control

# ls -Z /dev/pktcdvd/*
system_u:object_r:device_t:s0 /dev/pktcdvd/control

I can't reliably reproduce other files in that directory, but, from my testing, I've also seen

/dev/pktcdvd/pktcdvd[0-9]+

usually pktcdvd0 and pktcdvd1, but sometimes it goes into higher numbers, so you might want to regexp it.


Version-Release number of selected component (if applicable):
RHEL-9.0.0-20220108.3
selinux-policy-34.1.20-1.el9.noarch

Comment 2 Zdenek Pytela 2022-01-12 13:43:40 UTC
Note the driver was deprecated upstream:

ommit 5a8b187c61e9cb1aa1e960fcbadb13beb9401e5e
Author: Jens Axboe <axboe>
Date:   Mon Nov 21 09:33:17 2016 -0700

    pktcdvd: mark as unmaintained and deprecated

Comment 6 Zdenek Pytela 2023-06-14 13:48:46 UTC
Commit to backport:
commit 494476b02826d822e912c2209b20158eebce348d
Author: Zdenek Pytela <zpytela>
Date:   Fri Nov 25 14:28:06 2022 +0100

    Label udf tools with fsadm_exec_t

Note it also bring support for udf tools (see bz#1972230)