Bug 353611
Summary: | SELinux is preventing /sbin/udevd (udev_t) "relabelfrom" to par0 (device_t). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tim McConnell <timothy.mcconnell> |
Component: | selinux-policy | Assignee: | Harald Hoyer <harald> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 7 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 2.6.4-59.fc7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-12-11 00:55:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tim McConnell
2007-10-26 05:30:15 UTC
udev should not be relabing from device_t for lnk_file. (In reply to comment #1) > udev should not be relabing from device_t for lnk_file. Okay, and that means...? I got this one, seems like the same bug to me. Summary SELinux is preventing /sbin/udevd (udev_t) "relabelfrom" to ramdisk (device_t). Detailed Description SELinux denied access requested by /sbin/udevd. It is not expected that this access is required by /sbin/udevd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Additional Information Source Context: system_u:system_r:udev_t:SystemLow-SystemHighTarget Context: system_u:object_r:device_tTarget Objects: ramdisk [ lnk_file ]Affected RPM Packages: udev-113-12.fc7 [application]Policy RPM: selinux-policy-2.6.4-48.fc7Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: plugins.catchallHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 23:10:59 EDT 2007 i686 athlonAlert Count: 1First Seen: Wed 31 Oct 2007 08:40:34 PM CETLast Seen: Wed 31 Oct 2007 08:40:34 PM CETLocal ID: 0f27d74a-3ec2-4f0a-963f-58e1847f6b04Line Numbers: Raw Audit Messages : avc: denied { relabelfrom } for comm="udevd" dev=tmpfs egid=0 euid=0 exe="/sbin/udevd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="ramdisk" pid=3462 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0 Fixed in selinux-policy-2.6.4-53.fc7 |