Bug 229705

Summary: lvm.static avc's
Product: [Fedora] Fedora
Component: lvm-obsolete
Version: 6
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: medium
Hardware: All
OS: Linux
Reporter: Dave Jones <davej>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Ben Levenson <benl>
CC: pfrields
Doc Type: Bug Fix
Last Closed: 2007-05-17 17:56:17 UTC

Description Dave Jones 2007-02-22 20:52:07 UTC
whilst installing a kernel, I got this..

audit(1172177328.053:4): avc:  denied  { write } for  pid=16031
comm="lvm.static" name=".cache" dev=dm-0 ino=28017112
scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
audit(1172177328.243:5): avc:  denied  { write } for  pid=16034
comm="lvm.static" name=".cache" dev=dm-0 ino=28017112
scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
audit(1172177329.330:6): avc:  denied  { write } for  pid=16124
comm="lvm.static" name=".cache" dev=dm-0 ino=28017112
scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file

Comment 1 Daniel Walsh 2007-02-23 14:59:13 UTC
restorecon /etc/lvm/.cache  will fix it.

The problem here is that several confined and some perhaps unconfined applications
are removing and recreating this file, so it ends up with the wrong context on
it.  I have added it to restorecond.conf so it will maintain its labeling and I
am opening up a bugzilla to try to get lvm maintainers to move it to a directory
by itself, /var/cache/lvm or /etc/lvm/cache/, which would make SELinux life easier.

Comment 2 Daniel Walsh 2007-05-17 17:56:17 UTC
Changed to use /etc/lvm/cache/.cache
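
The AVC records in the description can be collapsed into one finding per denial signature, which shows that the three messages all refer to one file. This is an added example, not part of the original bug report or of any project's tooling; `parse_avc` and `summarize` are hypothetical names, and the sample is the report's three records with the wrapped lines rejoined.

```python
import re
from collections import defaultdict

# The three records from the bug description, wrapped lines rejoined.
SAMPLE = """\
audit(1172177328.053:4): avc:  denied  { write } for  pid=16031 comm="lvm.static" name=".cache" dev=dm-0 ino=28017112 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
audit(1172177328.243:5): avc:  denied  { write } for  pid=16034 comm="lvm.static" name=".cache" dev=dm-0 ino=28017112 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
audit(1172177329.330:6): avc:  denied  { write } for  pid=16124 comm="lvm.static" name=".cache" dev=dm-0 ino=28017112 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
REQUIRED = ('pid', 'scontext', 'tcontext', 'tclass', 'dev', 'ino')


def parse_avc(line):
    """Parse one AVC denial line into a dict; return None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if any(k not in rec for k in REQUIRED):
        return None
    rec['perms'] = tuple(m.group('perms').split())
    rec['serial'] = int(m.group('serial'))
    # A context is user:role:type[:level]; the type is what policy rules match.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec


def summarize(text):
    """Group denials by (source type, target type, class, perms, name)."""
    groups = defaultdict(lambda: {'count': 0, 'pids': set(), 'inodes': set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec['stype'], rec['ttype'], rec['tclass'], rec['perms'], rec.get('name'))
        groups[key]['count'] += 1
        groups[key]['pids'].add(int(rec['pid']))
        groups[key]['inodes'].add((rec['dev'], int(rec['ino'])))
    return dict(groups)


if __name__ == '__main__':
    for key, info in summarize(SAMPLE).items():
        print(key, info)
```

On this sample the result is a single group with three PIDs and one inode: three separate `lvm.static` runs denied write on the same `.cache` file.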