Bug 2029849 - collectd / plugin "disk" / UdevNameAttr "DEVNAME" results in SElinux denied related to "tmpfs"
Summary: collectd / plugin "disk" / UdevNameAttr "DEVNAME" results in SElinux denied r...
Keywords:
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: collectd
Version: epel8
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Jonathan Wright
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-12-07 13:10 UTC by Peter Bieringer
Modified: 2024-05-17 12:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Peter Bieringer 2021-12-07 13:10:12 UTC 
Description of problem:
Enabling UdevNameAttr "DEVNAME" in plugin "disk" results in SElinux denied related to "tmpfs"

Version-Release number of selected component (if applicable):
collectd-5.9.0-5.el8.x86_64

How reproducible:
Always

Steps to Reproduce:
1. install collectd

2. configure plugin "disk"
<Plugin disk>
       UdevNameAttr "DEVNAME"
</Plugin>

3. start collectd

Actual results:
tail -f /var/log/audit/audit.log | egrep "denied.*collectd"

per run many of such lines:

type=AVC msg=audit(1638874911.463:18520138): avc:  denied  { read } for  pid=1839851 comm="reader#0" name="b253:9" dev="tmpfs" ino=20061 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file permissive=0


Expected results:
no SElinux denied entries

Additional info:

Tried to exclude "tmpfs" by

<Plugin disk>
        Disk "tmpfs"
        IgnoreSelected true
        UdevNameAttr "DEVNAME"
</Plugin>

but this won't help
Comment 1 Fedora Admin user for bugzilla script actions 2024-05-17 00:14:10 UTC 
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Comment 2 Fedora Admin user for bugzilla script actions 2024-05-17 12:33:12 UTC 
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
Note You need to log in before you can comment on or make changes to this bug.