Bug 998857

Summary: selinux blocks mdmon from being launched
Product: [Fedora] Fedora
Component: selinux-policy
Version: rawhide
Status: CLOSED RAWHIDE
Severity: high
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Jes Sorensen <Jes.Sorensen>
Assignee: Miroslav Grepl <mgrepl>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dominick.grift, dwalsh, mgrepl
Doc Type: Bug Fix
Type: Bug
Last Closed: 2013-08-20 12:00:15 UTC

Description Jes Sorensen 2013-08-20 08:55:04 UTC
Description of problem:
Looks like another case of selinux blocking mdmon from being launched at boot.
rawhide system, if I boot normally mdmon is not being launched from mdadm
(via systemd). If I boot with enforcing=0 it comes up normally.

Looks like yet another variation of BZ#975649

type=USER_AVC msg=audit(1376927903.994:112): pid=1 uid=0 auid=4294967295 ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/mdmon@.service" scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

[    9.903445] noisybay.lan kernel: md: bind<sdd>
[    9.906074] noisybay.lan kernel: md: bind<sdd>
[    9.906141] noisybay.lan kernel: md: bind<sdc>
[    9.916615] noisybay.lan kernel: md: raid1 personality registered for level 1
[    9.922773] noisybay.lan kernel: md/raid1:md126: active with 2 out of 2 mirrors
[    9.928919] noisybay.lan kernel: md126: detected capacity change from 0 to 85899345920
[    9.935771] noisybay.lan kernel: RAID1 conf printout:
[    9.935774] noisybay.lan kernel:  --- wd:2 rd:2
[    9.935775] noisybay.lan kernel:  disk 0, wo:0, o:1, dev:sdc
[    9.935776] noisybay.lan kernel:  disk 1, wo:0, o:1, dev:sdd
[    9.228614] noisybay.lan systemd[1]: SELinux policy denies access.
[    9.936561] noisybay.lan kernel:  md126: unknown partition table


Version-Release number of selected component (if applicable):
selinux-policy-3.12.1-70.fc20.noarch

How reproducible:
Every time

Steps to Reproduce:
1. Create a RAID1/RAID5/RAID10 IMSM BIOS RAID array (not used for /)
2. Install onto another partition
3. Boot

Actual results:
No mdmon running, hence metadata not being updated on the RAID array, and
all write access to the device hangs.

Expected results:
[root@noisybay ~]# ps -aux|grep dmon
root        387  0.0  0.1  15076 10980 ?        SLsl 10:38   0:00 @sbin/mdmon --foreground md127


Additional info:

Comment 1 Daniel Walsh 2013-08-20 12:00:15 UTC
12e64f8fcca20c0099eb9ad9b8f0ac4962e348a2 fixes this in git.

Should be in the next rawhide build.
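
For triage of the USER_AVC record quoted in the description, the following added example (not part of the bug report and not code from selinux-policy) parses the record and separates the reporting process (subj, here systemd as the userspace object manager) from the domain whose request was denied (scontext). The function names are hypothetical, and the rule string only restates the denied access in policy syntax for review; the page does not say what the fixing commit contains.

```python
import re

# The USER_AVC record from the description, as one line (copied from this page).
RECORD = (
    "type=USER_AVC msg=audit(1376927903.994:112): pid=1 uid=0 auid=4294967295 "
    "ses=4294967295  subj=system_u:system_r:init_t:s0 msg='avc:  denied  { start } "
    'for auid=-1 uid=0 gid=0 path="/usr/lib/systemd/system/mdmon@.service" '
    "scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 "
    "tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service  "
    "exe=\"/usr/lib/systemd/systemd\" sauid=0 hostname=? addr=? terminal=?'"
)

def selinux_type(context):
    # A context is user:role:type:level, and the MLS level may itself contain ':'
    # (s0-s0:c0.c1023), so split at most three times and take the third field.
    return context.split(":", 3)[2]

def parse_avc(line):
    """Return the fields needed to triage one AVC/USER_AVC record, or None."""
    rtype = re.match(r"type=(\S+)", line)
    verdict = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}", line)
    if not rtype or rtype.group(1) not in ("AVC", "USER_AVC") or not verdict:
        return None
    # key=value pairs: a value is double-quoted or runs to the next space/quote.
    fields = dict(re.findall(r'(\w+)=("[^"]*"|[^\s\']+)', line))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "userspace_manager": rtype.group(1) == "USER_AVC",
        "reporter_type": selinux_type(fields["subj"]) if "subj" in fields else None,
        "verdict": verdict.group(1),
        "perms": verdict.group(2).split(),
        "source_type": selinux_type(fields["scontext"]),
        "target_type": selinux_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "path": fields.get("path", "").strip('"'),
        "exe": fields.get("exe", "").strip('"'),
    }

def as_rule(d):
    # The denied access written in policy-rule form, for review (not a fix).
    perms = d["perms"][0] if len(d["perms"]) == 1 else "{ " + " ".join(d["perms"]) + " }"
    return f"allow {d['source_type']} {d['target_type']}:{d['tclass']} {perms};"

if __name__ == "__main__":
    info = parse_avc(RECORD)
    print(info)
    print(as_rule(info))
```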