Bug 2134272
| Summary: | SELinux is preventing to write on devtmpfs | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Huanian Li <huanli> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | dwalsh, grepl.miroslav, lvrabec, mmalik, omosnacek, pkoncity, vmojzis, zpytela |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-10-13 06:45:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 2134121 *** |
Description of problem: avc: denied { write } for pid=173647 comm="systemd-gpt-aut" name="vda" dev="devtmpfs" ino=321 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. clone https://s3.amazonaws.com/arr-cki-prod-trusted-artifacts/trusted-artifacts/661793015/setup%20x86_64/3145814585/artifacts/beaker.xml 2. submit it to beaker 3. check avc.log Actual results: # https://s3.us-east-1.amazonaws.com/arr-cki-prod-datawarehouse-public/datawarehouse-public/2022/10/08/redhat:661793015/build_x86_64_redhat:661793015_x86_64/tests/3/results_0001/job.01/recipes/12730349/tasks/8/results/1665253769/logs/avc.log SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 selinux-policy-37.13-1.fc38.noarch ---- time->Sat Oct 8 14:53:49 2022 type=AVC msg=audit(1665255229.515:549): avc: denied { write } for pid=173647 comm="systemd-gpt-aut" name="vda" dev="devtmpfs" ino=321 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1 ---- time->Sat Oct 8 14:53:52 2022 type=AVC msg=audit(1665255232.008:591): avc: denied { write } for pid=173720 comm="systemd-gpt-aut" name="vda" dev="devtmpfs" ino=321 scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=1 Expected results: Should not deny {write} for comm="systemd-gpt-aut" name="\S+" dev="devtmpfs" Additional info: https://gitlab.com/redhat/centos-stream/tests/kernel/kernel-tests/-/issues/1424