Description of problem: It seems that swapon needs write access to /etc/blkid.tab and is blocked by the default policy audit(1131812561.197:2): avc: denied { write } for pid=1234 comm="swapon" name="blkid.tab" dev=dm-0 ino=1999275 scontext=system_u:system_r:fsadm_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file audit(1131812561.197:3): avc: denied { write } for pid=1234 comm="swapon" name="blkid.tab" dev=dm-0 ino=1999275 scontext=system_u:system_r:fsadm_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file Adding 2096472k swap on /dev/sda2. Priority:-1 extents:1 across:2096472k audit(1131812561.209:4): avc: denied { write } for pid=1234 comm="swapon" name="blkid.tab" dev=dm-0 ino=1999275 scontext=system_u:system_r:fsadm_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file audit(1131812561.213:5): avc: denied { write } for pid=1234 comm="swapon" name="blkid.tab" dev=dm-0 ino=1999275 scontext=system_u:system_r:fsadm_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file Adding 2096472k swap on /dev/sdb2. Priority:-2 extents:1 across:2096472k selinux-policy-targeted-1.27.2-19 (CCing Karel Zak and Ben Levenson so they can confirm swapon needs)
Yes, add commands compiled with libblkid (swapon, swapoff, mount, fsck.ext2, ...) need write access to /etc/blkid.tab.
/etc/blkid.tab should have a security context of etc_runtime_t on it. You can fix this by executing restorecon /etc/blklid.tab The question is how did it get this bad context? Do you know which app created this file? Did you boot with selinux disabled? selinux=0?
I ran for ~ 15min with selinux disabled to do a yum upgrade (policy changes broke rpm sciplets this week) Also the lvm which contains the / was moved to na new raid (lvm commands executed from the FC4 install disk manually), so maybe that's the root of the problem Should I do a restorecon / ?
touch /.autorelabel reboot is a better idea.
Ok, this works Sorry for bothering you - will be more careful next time I move a LVM