1333588 – storaged path has changed --> runs as unconfined_service_t

Bug 1333588 - storaged path has changed --> runs as unconfined_service_t

Summary: storaged path has changed --> runs as unconfined_service_t

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	24
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-05 22:23 UTC by Lukas Vrabec
Modified:	2016-05-28 18:34 UTC (History)
CC List:	10 users (show)
Fixed In Version:	selinux-policy-3.13.1-186.fc24 selinux-policy-3.13.1-189.fc24
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1264390
Environment:
Last Closed:	2016-05-28 18:34:14 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Lukas Vrabec 2016-05-05 22:23:22 UTC

+++ This bug was initially created as a clone of Bug #1264390 +++

Description of problem:

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-50.el7.noarch
selinux-policy-devel-3.13.1-50.el7.noarch
selinux-policy-doc-3.13.1-50.el7.noarch
selinux-policy-minimum-3.13.1-50.el7.noarch
selinux-policy-mls-3.13.1-50.el7.noarch
selinux-policy-sandbox-3.13.1-50.el7.noarch
selinux-policy-targeted-3.13.1-50.el7.noarch
storaged-2.1.1-1.el7.x86_64

How reproducible:
always

Steps to Reproduce:
# semanage fcontext -l | grep storaged
/usr/lib/storaged/storaged                         regular file       system_u:object_r:lvm_exec_t:s0 
/usr/lib/storaged/storaged-lvm-helper              regular file       system_u:object_r:lvm_exec_t:s0 
# ls -Z /usr/lib/storaged/storaged
ls: cannot access /usr/lib/storaged/storaged: No such file or directory
# ls -Z /usr/lib/storaged/storaged-lvm-helper
ls: cannot access /usr/lib/storaged/storaged-lvm-helper: No such file or directory
# ls -l /usr/libexec/storaged/storaged
-rwxr-xr-x. 1 root root 394728 Jul  6 12:18 /usr/libexec/storaged/storaged
# matchpathcon /usr/libexec/storaged/storaged 
/usr/libexec/storaged/storaged	system_u:object_r:bin_t:s0
# 

Actual results:
 * storaged runs as unconfined_service_t

Expected results:
 * storaged runs as lvm_t

--- Additional comment from Miroslav Grepl on 2015-09-18 06:53:44 EDT ---

Did it come with 7.2? It looks like there storaged errata.

Comment 1 Fedora Update System 2016-05-26 05:01:53 UTC

selinux-policy-3.13.1-189.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-43d1395a18

Comment 2 Fedora Update System 2016-05-26 05:02:54 UTC

selinux-policy-3.13.1-188.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ccd9afa2f

Comment 3 Fedora Update System 2016-05-28 18:33:48 UTC

selinux-policy-3.13.1-189.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.