Description of problem: When installing with the mls policy an IA64 system cannot boot because it gets continuous denies from nash-hotplug Version-Release number of selected component (if applicable): selinux-policy-mls-2.4.6-22.el5 How reproducible: Everytime Steps to Reproduce: 1. 2. 3. Actual results: Here are the AVCs Jan 10 17:23:42 aphex kernel: audit(1168467802.082:3): avc: denied { write } for pid=353 comm="nash-hotplug" name="zero" dev=tmpfs ino=715 scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s15:c0.c1023 tclass=chr_file Jan 10 17:23:42 aphex kernel: audit(1168467802.084:4): avc: denied { write } for pid=353 comm="nash-hotplug" name="zero" dev=tmpfs ino=715 scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s15:c0.c1023 tclass=chr_file Jan 11 10:29:17 aphex kernel: audit(1168529338.087:3): avc: denied { write } for pid=353 comm="nash-hotplug" name="zero" dev=tmpfs ino=715 scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file Additional info: Here's my audit2allow output which once installed the system can boot just fine. module nashhotplug 1.0; require { class chr_file write; type kernel_t; type tmpfs_t; role system_r; }; allow kernel_t tmpfs_t:chr_file write;
Fixed in selinux-policy-2.4.6-25
QE ack for RHEL5.
A package has been built which should help the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.