Bug 2039774 - pktcdvd has device_t
Summary: pktcdvd has device_t
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: selinux-policy
Version: 9.0
Hardware: Unspecified
OS: Linux
low
medium
Target Milestone: rc
: 9.2
Assignee: Zdenek Pytela
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-01-12 12:26 UTC by Jiri Jaburek
Modified: 2023-07-18 07:07 UTC (History)
3 users (show)

Fixed In Version: selinux-policy-38.1.16-1.el9
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1972230 1 None None None 2023-06-26 09:46:26 UTC
Red Hat Bugzilla 2040249 1 medium CLOSED device_t findings based on mass-modprobe 2023-07-13 07:31:53 UTC
Red Hat Issue Tracker RHELPLAN-107579 0 None None None 2022-01-12 12:36:28 UTC

Description Jiri Jaburek 2022-01-12 12:26:05 UTC 
Description of problem:

On (at least) x86_64:

# modprobe pktcdvd

# ls -Zd /dev/pktcdvd/
system_u:object_r:device_t:s0 /dev/pktcdvd

# ls -Z /dev/pktcdvd/*
system_u:object_r:device_t:s0 /dev/pktcdvd/control

# ls -Z /dev/pktcdvd/*
system_u:object_r:device_t:s0 /dev/pktcdvd/control

I can't reliably reproduce other files in that directory, but, from my testing, I've also seen

/dev/pktcdvd/pktcdvd[0-9]+

usually pktcdvd0 and pktcdvd1, but sometimes it goes into higher numbers, so you might want to regexp it.


Version-Release number of selected component (if applicable):
RHEL-9.0.0-20220108.3
selinux-policy-34.1.20-1.el9.noarch
Comment 2 Zdenek Pytela 2022-01-12 13:43:40 UTC 
Note the driver was deprecated upstream:

ommit 5a8b187c61e9cb1aa1e960fcbadb13beb9401e5e
Author: Jens Axboe <axboe>
Date:   Mon Nov 21 09:33:17 2016 -0700

    pktcdvd: mark as unmaintained and deprecated
Comment 6 Zdenek Pytela 2023-06-14 13:48:46 UTC 
Commit to backport:
commit 494476b02826d822e912c2209b20158eebce348d
Author: Zdenek Pytela <zpytela>
Date:   Fri Nov 25 14:28:06 2022 +0100

    Label udf tools with fsadm_exec_t

Note it also bring support for udf tools (see bz#1972230)
Note You need to log in before you can comment on or make changes to this bug.