Description of problem: SELinux is preventing /usr/sbin/hdparm from 'read' accesses on the blk_file sda. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that hdparm should be allowed read access on the sda blk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep hdparm /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:tuned_t:s0 Target Context system_u:object_r:fixed_disk_device_t:s0 Target Objects sda [ blk_file ] Source hdparm Source Path /usr/sbin/hdparm Port <Unknown> Host (removed) Source RPM Packages hdparm-9.43-7.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-84.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.16.1-301.mst.fc21.x86_64 #1 SMP Tue Aug 26 02:24:06 UTC 2014 x86_64 x86_64 Alert Count 355 First Seen 2014-10-06 16:01:12 CEST Last Seen 2014-10-07 16:41:51 CEST Local ID 28dc3ef8-4b4b-47a3-a903-8ac906b2bfd3 Raw Audit Messages type=AVC msg=audit(1412692911.642:149): avc: denied { read } for pid=2593 comm="hdparm" name="sda" dev="devtmpfs" ino=121 scontext=system_u:system_r:tuned_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0 type=SYSCALL msg=audit(1412692911.642:149): arch=x86_64 syscall=open success=no exit=EACCES a0=7fff7d1d6f8d a1=800 a2=7fff7d1d6bd8 a3=13 items=0 ppid=871 pid=2593 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=hdparm exe=/usr/sbin/hdparm subj=system_u:system_r:tuned_t:s0 key=(null) Hash: hdparm,tuned_t,fixed_disk_device_t,blk_file,read Version-Release number of selected component: selinux-policy-3.13.1-84.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.1-301.mst.fc21.x86_64 type: libreport Potential duplicate: bug 1013204
commit 8a50a8c5e0bd35f86de548df515d89ff1f851905 Author: Lukas Vrabec <lvrabec> Date: Fri Nov 7 21:44:06 2014 +0100 Make tuned as unconfined domain.
(In reply to Lukas Vrabec from comment #1) > commit 8a50a8c5e0bd35f86de548df515d89ff1f851905 > Author: Lukas Vrabec <lvrabec> > Date: Fri Nov 7 21:44:06 2014 +0100 > > Make tuned as unconfined domain. If so, you should do that also in older releases. Why not just add a rule?
selinux-policy-3.13.1-99.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-99.fc21
selinux-policy-3.13.1-99.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.