Bug 560807
Summary: | SELinux is preventing /usr/bin/tpb "read" access on nvram. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | G. E. McLean <radeead> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | dwalsh, mgrepl, Robert-Martin |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:2302e3e7fb8800b4cf3f1f18352132fda597da45bb6c42f0b06051b5cd95eb2b | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-02-02 13:23:43 UTC | Type: | --- |
Description
G. E. McLean
2010-02-01 21:59:16 UTC
Only unconfined domains currently can read this device. Why does xguest need to read it?

nvram Special File

Purpose

Provides access to platform-specific nonvolatile RAM used for system boot, configuration, and fatal error information. This access is achieved through the machine I/O device driver.

Description

The /dev/nvram character special file provides access to the machine device driver for accessing or modifying machine-specific nonvolatile RAM. The appropriate privilege is required to open the nvram special file. The nvram special file is used by machine-specific configuration programs to store or retrieve configuration and boot information using the nonvolatile RAM or ROM provided on the machine. The nvram special file supports open, close, read, and ioctl operations.

Note: Application programs should not access the nonvolatile RAM. Since nonvolatile RAM is platform-specific, any reliance on its presence and implementation places portability constraints upon the using application. In addition, accessing the nonvolatile RAM may cause loss of system startup and configuration information. Such a loss could require system administrative or maintenance task work to rebuild or recover.

This does not sound like something a confined user should be looking at.

*** Bug 606039 has been marked as a duplicate of this bug. ***