From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4 Description of problem: While trying to debug a disk image using fdisk I found that selinux will not allow me to run fdisk on the file. sfdisk doesn't work either. I've done it in earlier versions, so I know its something that's possible. Here are the relevant lines from audit.log: type=PATH msg=audit(1119034442.581:16583602): item=0 name="bootfile.dump" inode=737318 dev=fd:00 mode=040775 ouid=11907 ogid=500 rdev=00:00 type=SYSCALL msg=audit(1119034442.581:16583602): arch=40000003 syscall=5 success=no exit=-13 a0=bff519e8 a1=8002 a2=0 a3=8002 items=1 pid=25218 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="fdisk" exe="/sbin/fdisk" type=AVC msg=audit(1119034442.581:16583602): avc: denied { search } for pid=25218 comm="fdisk" name=pearpc dev=dm-0 ino=737318 scontext=root:system_r:fsadm_t tcontext=root:object_r:user_home_t tclass=dir Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. dd if=/dev/zero of=disk.image bs=1048576 count=5 2. /sbin/fdisk disk.image Actual Results: "Unable to open disk.image" & fdisk exits. Expected Results: Image should have opened and fdisk allowed me to make modifications. Additional info:
What policy are you running. This should be allowed. Dan
I'm running targeted. Its the standard FC4 setup (via an upgrade of FC3) so there shouldn't be any surprises... Brian
selinux-policy-targeted-1.23.18-12 should fix this.
Yes, that fixes it. Thanks!