Description of problem: Running a unit test for some somewhere where we need a "file", so we pass in /dev/zero as zeros are just fine. It maps it in, and we get this. It seems this should be no different than read()ing from /dev/zero. SELinux is preventing ffspart from 'map' accesses on the chr_file /dev/zero. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that ffspart should be allowed map access on the zero chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'ffspart' --raw | audit2allow -M my-ffspart # semodule -X 300 -i my-ffspart.pp Additional Information: Source Context staff_u:staff_r:staff_t:s0-s0:c0.c1023 Target Context system_u:object_r:zero_device_t:s0 Target Objects /dev/zero [ chr_file ] Source ffspart Source Path ffspart Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.26.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.15.4-300.fc27.x86_64 #1 SMP Mon Feb 19 23:31:15 UTC 2018 x86_64 x86_64 Alert Count 90 First Seen 2018-03-07 16:47:32 AEDT Last Seen 2018-03-07 16:49:32 AEDT Local ID 157bdc2b-eaa4-41f1-9852-926255f989bc Raw Audit Messages type=AVC msg=audit(1520401772.347:1481): avc: denied { map } for pid=22024 comm="ffspart" path="/dev/zero" dev="devtmpfs" ino=12292 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:zero_device_t:s0 tclass=chr_file permissive=0 Hash: ffspart,staff_t,zero_device_t,chr_file,map Version-Release number of selected component: selinux-policy-3.13.1-283.26.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.15.4-300.fc27.x86_64 type: libreport
selinux-policy-3.13.1-283.27.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-32ebae3424
selinux-policy-3.13.1-283.27.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-32ebae3424
selinux-policy-3.13.1-283.28.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-32ebae3424
selinux-policy-3.13.1-283.28.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-32ebae3424
selinux-policy-3.13.1-283.28.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.