Bug 677986

Summary: /dev/tgt does not have SELinux label
Product: Red Hat Enterprise Linux 6 Reporter: Milos Malik <mmalik>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: dwalsh, ksrot, mgrepl
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 677989 (view as bug list) Environment:
Last Closed: 2011-05-19 11:57:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 677989    

Description Milos Malik 2011-02-16 12:35:48 UTC 
Description of problem:
inspired by bz#675996

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.7.19-70.el6.noarch
selinux-policy-3.7.19-70.el6.noarch

How reproducible:
always

Steps to Reproduce:
# modprobe scsi_tgt
# find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"
/dev/tgt system_u:object_r:device_t:s0
#
Comment 2 Daniel Walsh 2011-02-16 20:20:34 UTC 
What should it be labeled? fixed_disk_device_t?
or
/dev/sg[0-9]+	-c	system_u:object_r:scsi_generic_device_t:s0
/dev/bsg/.+	-c	system_u:object_r:scsi_generic_device_t:s0
Comment 3 Miroslav Grepl 2011-02-17 09:16:58 UTC 
I believe we should label it as scsi_generic_device_t.
Comment 4 Daniel Walsh 2011-02-17 13:54:28 UTC 
sounds good to me
Comment 5 Miroslav Grepl 2011-02-17 15:22:41 UTC 
Fixed in selinux-policy-3.7.19-71.el6
Comment 8 Milos Malik 2011-03-07 08:22:30 UTC 
(In reply to comment #2)
> What should it be labeled? fixed_disk_device_t?
> or
> /dev/sg[0-9]+ -c system_u:object_r:scsi_generic_device_t:s0
> /dev/bsg/.+ -c system_u:object_r:scsi_generic_device_t:s0

I don't know. Just clearing the NEEDINFO flag.
Comment 9 Miroslav Grepl 2011-03-07 09:15:58 UTC 
This is labelled by scsi_generic_device_t label now.
Comment 11 errata-xmlrpc 2011-05-19 11:57:41 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0526.html