Description of problem: Yet another case of selinux blocking the launch of mdmon, rendering BIOS RAID arrays unusable :( Sep 05 15:14:57 noisybay.lan kernel: type=1400 audit(1378386897.626:4): avc: de nied { getattr } for pid=487 comm="mdmon" name="/" dev="dm-1" ino=2 scontext=s ystem_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fs_t:s0 tclas s=filesystem Version-Release number of selected component (if applicable): selinux-policy-3.12.1-70.fc20.noarch How reproducible: Steps to Reproduce: 1. Install rawhide 2. Update to rawhide as of 130905 3. Install soon to be released mdadm-3.3 rpm 4. Reboot Actual results: No mdmon being launched, write to BIOS RAID 1/5/10 arrays hangs Expected results: Additional info:
Any other AVC's in permissive mode?
I only see the single one related to mdadm/mdmon - there are a pile related to sshd though. Like these: Sep 05 15:50:39 noisybay.lan setroubleshoot[1176]: AuditRecordReceiver.add_recor d_to_cache(): node=noisybay.lan type=AVC msg=audit(1378389038.788:49): avc: den ied { dyntransition } for pid=1153 comm="sshd" scontext=system_u:system_r:init rc_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process Sep 05 15:50:39 noisybay.lan setroubleshoot[1176]: analyze_avc() avc=scontext=sy stem_u:system_r:initrc_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 a ccess=['dyntransition'] tclass=process tpath= Sep 05 15:50:39 noisybay.lan python[1176]: SELinux is preventing /usr/sbin/sshd from using the dyntransition access on a process. Jes
Looks like you have sshd running with the wrong context, This seems to be a mislabaled system.
I honestly wouldn't know how it ended up mislabelled. I simply installed Fedora 19 and then yum updated it to rawhide in order to be able to test on rawhide. I haven't done anything special to it - the whole avc problem space isn't my area of expertise, I really just rely on this stuff to work :( Jes
That I don't know, what is the label on sshd? ls -lZ /usr/sbin/sshd 8b46396ec11542987ceeffdfadbb9976bc09ed18 allows this getattr on filesystem
It looks this is a F19->rawhide upgrade issue. I believe you have mislabeled /usr/sbin.
That could very well be - I honestly have no idea on this front. fedup didn't work because rawhide isn't assembled as a distro yet, so I had to yum upgrade. fwiw [root@noisybay ~]# ls -lZ /usr/sbin/sshd -rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /usr/sbin/sshd
Yum upgrade seems to be turning off the rpm labeling for some reason.