From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b3) Gecko/20050729 Fedora/1.1-0.2.5.deerpark.alpha2 Firefox/1.0+

Description of problem:
Hi, I created a swap file using:

dd if=/dev/zero of=/scratch/swap ...

Then I added to /etc/fstab:

/scratch/swap none swap defaults 0 0

This is a pretty standard way to do swap files, documented in a lot of places. The default policy prevents this from working:

audit(1123011750.821:2): avc: denied { read } for pid=1331 comm="swapon" name="swap" dev=dm-3 ino=1331 scontext=system_u:system_r:fsadm_t tcontext=root:object_r:file_t tclass=file

I suggest that we make fsadm_t be unconfined_domain() or equivalent (perhaps just allow it to read all file types) to keep compatibility here.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.3-10

How reproducible:
Always

Steps to Reproduce:
1. Create swap file
2. Add to fstab
3. swapon -a

Additional info:

I should note this bug only happens on bootup; I'm guessing initrc_t transitions to fsadm_t, but unconfined_t does not.
fixed in selinux-policy-targeted-1.25.4-8
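
For readers triaging similar denials, the following added example (not part of the original report or of the selinux-policy project) parses the AVC record quoted in the report into its fields and flags denials whose target carries a "never labeled" type. The function names and the `UNLABELED_TYPES` set are assumptions made for this illustration.

```python
import re

# AVC record copied from the bug report above.
SAMPLE = (
    'audit(1123011750.821:2): avc: denied { read } for pid=1331 '
    'comm="swapon" name="swap" dev=dm-3 ino=1331 '
    'scontext=system_u:system_r:fsadm_t '
    'tcontext=root:object_r:file_t tclass=file'
)

AVC_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption (not from the report): types that mean "never labeled".
UNLABELED_TYPES = {'file_t', 'unlabeled_t'}


def parse_avc(line):
    """Return a dict of AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {
        'timestamp': float(m['ts']),
        'serial': int(m['serial']),
        'result': m['result'],
        'perms': m['perms'].split(),
    }
    for key, value in KV_RE.findall(m['rest']):
        rec[key] = value.strip('"')
    # Contexts are user:role:type, optionally followed by an MLS range.
    for side in ('scontext', 'tcontext'):
        parts = rec.get(side, '').split(':')
        rec[side + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec


def target_unlabeled(rec):
    """True when the denial is against an object with no real label."""
    return rec['tcontext_type'] in UNLABELED_TYPES


if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(rec['scontext_type'], rec['perms'], rec['tcontext_type'], rec['tclass'])
    print('target unlabeled:', target_unlabeled(rec))
```
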