Description of problem:
As discovered in bug 1011193, some iscsi permissions are missing.

Version-Release number of selected component (if applicable):
Latest f19 (updates)

Please note that this appeared on oVirt Node (which is a r/o rootfs/livecd)

Description:
# audit2allow -alR

require {
    ...
    type iscsid_t;
    ...
}

# COMMENT: Should these also be added?
#============= initrc_t ==============
allow initrc_t sshd_net_t:process dyntransition;
allow initrc_t unconfined_t:process dyntransition;

# COMMENT: The missing permissions
#============= iscsid_t ==============
allow iscsid_t iscsi_var_lib_t:dir { write remove_name create add_name rmdir };
allow iscsid_t iscsi_var_lib_t:file { write create unlink };
allow iscsid_t iscsi_var_lib_t:lnk_file { create unlink };
You have sshd daemon running as initrc_t?

# ps -efZ |grep initrc
I fixed problems with iscsi_var_lib_t labels, but please respond to the comment above.

commit c2929a0a2d32b5bafc86b44f4d51ad13e6a86b7b
Author: Lukas Vrabec <lvrabec>
Date:   Wed Feb 19 16:15:16 2014 +0100

    Allow iscsi to manage iscsi_var_lib_t files and dirs
I added one more rule.

commit 8e1094f696ce6cb3c84d9da1d926d1ec3337c349
Author: Lukas Vrabec <lvrabec>
Date:   Wed Feb 19 16:23:18 2014 +0100

    Added var_lib filetrans in iscsi policy
selinux-policy-3.12.1-74.19.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.19.fc19
Package selinux-policy-3.12.1-74.19.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.19.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-3030/selinux-policy-3.12.1-74.19.fc19
then log in and leave karma (feedback).
selinux-policy-3.12.1-74.19.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.