Bug 1035716 - selinux error reading /etc/mdadm.conf
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 20
Hardware: Unspecified
OS: Unspecified
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-11-28 10:28 UTC by Sergio Pascual
Modified: 2014-02-07 11:12 UTC (History)

Doc Type: Bug Fix
Last Closed: 2014-02-07 11:12:02 UTC
Type: Bug



Description Sergio Pascual 2013-11-28 10:28:37 UTC
Description of problem:

I'm getting a selinux error when logwatch reads /etc/mdadm.conf

Source Context                system_u:system_r:logwatch_t:s0-s0:c0.c1023
Target Context                system_u:object_r:mdadm_conf_t:s0
Target Objects                /etc/mdadm.conf [ file ]
Source                        perl
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          xxxxxxxxxx
Source RPM Packages           perl-5.18.1-288.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-105.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     xxxxxxxxxxxxx
Platform                      Linux xxxxxxxxx 3.11.9-300.fc20.x86_64 #1
                              SMP Wed Nov 20 22:23:25 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-11-28 03:42:05 CET
Last Seen                     2013-11-28 03:42:05 CET
Local ID                      c220e277-733f-43dc-9867-5672025290da


The policy I get after running audit2allow is

module mypol 1.0;

require {
        type logwatch_t;
        type mdadm_conf_t;
        class file read;
}

#============= logwatch_t ==============
allow logwatch_t mdadm_conf_t:file read;
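
A sketch of how an AVC denial like the one in this report maps to the module text shown above, added here as an illustration; it is not code from the reporter or from the selinux-policy project, and it is a simplified re-implementation rather than audit2allow itself. The audit records in SAMPLE_LOG are constructed, and collect_denials, fmt and render_module are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed audit records (not from the bug report); contexts match the alert.
SAMPLE_LOG = (
    'type=AVC msg=audit(1385606525.101:412): avc:  denied  { read } for  pid=2101 '
    'comm="perl" name="mdadm.conf" dev="dm-1" ino=1311 '
    'scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:mdadm_conf_t:s0 tclass=file\n'
    'type=SYSCALL msg=audit(1385606525.101:412): syscall=2 success=no comm="perl"\n'
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def collect_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (SYSCALL, PATH, ...) are skipped
            perms, scon, tcon, tclass = m.groups()
            # A context is user:role:type[:level]; the type is the third field.
            key = (scon.split(":")[2], tcon.split(":")[2], tclass)
            denials[key].update(perms.split())
    return dict(denials)

def fmt(perms):
    """One permission is written bare, several inside braces."""
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"

def render_module(denials, name="mypol", version="1.0"):
    """Render a type-enforcement module in the layout shown in the report."""
    types = sorted({t for src, tgt, _ in denials for t in (src, tgt)})
    classes = defaultdict(set)
    for (_, _, tclass), perms in denials.items():
        classes[tclass] |= perms
    out = [f"module {name} {version};", "", "require {"]
    out += [f"        type {t};" for t in types]
    out += [f"        class {c} {fmt(p)};" for c, p in sorted(classes.items())]
    out += ["}"]
    for src in sorted({k[0] for k in denials}):
        out += ["", f"#============= {src} =============="]
        out += [f"allow {s} {t}:{c} {fmt(p)};"
                for (s, t, c), p in sorted(denials.items()) if s == src]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_module(collect_denials(SAMPLE_LOG)), end="")
```

Each emitted allow rule widens what the source domain may do, so review it before loading a local module; per Comment 1, this denial was resolved by an updated selinux-policy package.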

Comment 1 Sergio Pascual 2014-02-07 11:12:02 UTC
This seems fixed in the current policy selinux-policy-3.12.1-119 (and probably before). I'm closing the bug.

