Bug 637822
| Summary: | selinux blocks /usr/share/smartmontools/driverdb.h from updated smartmontools | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Michal Hlavinka <mhlavink> | |
| Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> | |
| Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | low | |||
| Version: | 13 | Keywords: | Reopened | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | selinux-policy-3.7.19-65.fc13 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 838063 (view as bug list) | Environment: | ||
| Last Closed: | 2010-10-19 07:06:33 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 637171, 838063 | |||
smartctl does not seem to cause selinux denial also there is new tool for updating that package /usr/sbin/update-smart-drivedb which seems to work fine only smartd has this problem with selinux You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.9.5-8.fc14 > Fixed in selinux-policy-3.9.5-8.fc14
this change is required also in F-13
selinux-policy-3.9.5-10.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.5-10.fc14 selinux-policy-3.9.5-10.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. (In reply to comment #3) > > Fixed in selinux-policy-3.9.5-8.fc14 > > this change is required also in F-13 was it already fixed in F-13 or not yet? Fixed in selinux-policy-3.7.19-64.fc13 selinux-policy-3.7.19-65.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-65.fc13 selinux-policy-3.7.19-65.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-65.fc13 selinux-policy-3.7.19-65.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: Smartmontools will be updated, they use new database file with known drivers, but selinux denies smartmontools using that file (located at /usr/share/smartmontools/driverdb.h ) Sep 27 16:26:33 nbone kernel: type=1400 audit(1285597593.357:22809): avc: denied { read } for pid=24463 comm="smartd" name="drivedb.h" dev=sda5 ino=441868 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file Sep 27 16:26:33 nbone kernel: type=1400 audit(1285597593.357:22810): avc: denied { open } for pid=24463 comm="smartd" name="drivedb.h" dev=sda5 ino=441868 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file Sep 27 16:26:33 nbone kernel: type=1400 audit(1285597593.357:22811): avc: denied { getattr } for pid=24463 comm="smartd" path="/usr/share/smartmontools/drivedb.h" dev=sda5 ino=441868 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file Sep 27 16:26:33 nbone smartd[24463]: smartd 5.40 (build date Sep 27 2010) [x86_64-unknown-linux-gnu] (local build)#012Copyright (C) 2002-10 by Bruce Allen, http://smartmontools.sourceforge.net#012 required for Rawhide, F-14 and F-13