Red Hat Bugzilla – Bug 224011
SELinux AVC denied { read } for pid=2390 comm="mdadm" - accessing storage on a node
Last modified: 2009-04-16 18:34:01 EDT
Description of problem:
SELinux AVC denied { read } for pid=2390 comm="mdadm" - accessing storage on a node

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-28.el5
selinux-policy-targeted-2.4.6-28.el5
luci-0.8-29.el5
ricci-0.8-29.el5

How reproducible:
100%

Steps to Reproduce:
1. Access a node's storage
2. Note - no error is displayed by luci

Actual results:
Audit log fragment is listed below.

Expected results:
No read denied messages in audit log.

Additional info:

type=AVC msg=audit(1169568462.642:31): avc: denied { read } for pid=2390 comm="mdadm" name="sg1" dev=tmpfs ino=3959 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:scsi_generic_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1169568462.642:31): arch=40000003 syscall=5 success=no exit=-13 a0=94a3e08 a1=0 a2=0 a3=1 items=0 ppid=2381 pid=2390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mdadm" exe="/sbin/mdadm" subj=system_u:system_r:mdadm_t:s0 key=(null)
type=AVC msg=audit(1169568462.960:32): avc: denied { read } for pid=2390 comm="mdadm" name="rtc" dev=tmpfs ino=629 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:clock_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1169568462.960:32): arch=40000003 syscall=5 success=no exit=-13 a0=94a3d58 a1=0 a2=0 a3=1 items=0 ppid=2381 pid=2390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mdadm" exe="/sbin/mdadm" subj=system_u:system_r:mdadm_t:s0 key=(null)
type=AVC msg=audit(1169568464.184:33): avc: denied { read } for pid=2414 comm="modinfo" name="gfs.ko" dev=dm-0 ino=2058548 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
type=SYSCALL msg=audit(1169568464.184:33): arch=40000003 syscall=5 success=no exit=-13 a0=9cbd090 a1=0 a2=1b6 a3=9cc3630 items=0 ppid=2381 pid=2414 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modinfo" exe="/sbin/modinfo" subj=system_u:system_r:ricci_modstorage_t:s0 key=(null)
type=AVC msg=audit(1169568464.223:34): avc: denied { read } for pid=2415 comm="modinfo" name="gfs2.ko" dev=dm-0 ino=2058052 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
type=SYSCALL msg=audit(1169568464.223:34): arch=40000003 syscall=5 success=no exit=-13 a0=8b24008 a1=0 a2=1b6 a3=8b2a6a8 items=0 ppid=2381 pid=2415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modinfo" exe="/sbin/modinfo" subj=system_u:system_r:ricci_modstorage_t:s0 key=(null)
Note that there are also messages for modinfo in the above log fragment - for example:

type=AVC msg=audit(1169568464.184:33): avc: denied { read } for pid=2414 comm="modinfo" name="gfs.ko" dev=dm-0 ino=2058548 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
Fixed in selinux-policy-2.4.6-29
Fixing Product Name. Cluster Suite was merged into Enterprise Linux for version 5.0.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0640.html
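Added example, not part of the original bug report: a small Python parser that pairs each AVC denial from the audit log fragment with its SYSCALL record (same audit event ID) and groups the denials by source type, target type and object class, which is the view needed to see which policy domains are affected. The SYSCALL lines in the sample are trimmed to the fields used, and all function and variable names are this example's own.

```python
import re
from collections import defaultdict

# AVC records copied from the report; SYSCALL records trimmed to the fields used here.
SAMPLE_LOG = """\
type=AVC msg=audit(1169568462.642:31): avc: denied { read } for pid=2390 comm="mdadm" name="sg1" dev=tmpfs ino=3959 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:scsi_generic_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1169568462.642:31): arch=40000003 syscall=5 success=no exit=-13 pid=2390 comm="mdadm" exe="/sbin/mdadm" subj=system_u:system_r:mdadm_t:s0
type=AVC msg=audit(1169568462.960:32): avc: denied { read } for pid=2390 comm="mdadm" name="rtc" dev=tmpfs ino=629 scontext=system_u:system_r:mdadm_t:s0 tcontext=system_u:object_r:clock_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1169568462.960:32): arch=40000003 syscall=5 success=no exit=-13 pid=2390 comm="mdadm" exe="/sbin/mdadm" subj=system_u:system_r:mdadm_t:s0
type=AVC msg=audit(1169568464.184:33): avc: denied { read } for pid=2414 comm="modinfo" name="gfs.ko" dev=dm-0 ino=2058548 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
type=SYSCALL msg=audit(1169568464.184:33): arch=40000003 syscall=5 success=no exit=-13 pid=2414 comm="modinfo" exe="/sbin/modinfo" subj=system_u:system_r:ricci_modstorage_t:s0
type=AVC msg=audit(1169568464.223:34): avc: denied { read } for pid=2415 comm="modinfo" name="gfs2.ko" dev=dm-0 ino=2058052 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file
type=SYSCALL msg=audit(1169568464.223:34): arch=40000003 syscall=5 success=no exit=-13 pid=2415 comm="modinfo" exe="/sbin/modinfo" subj=system_u:system_r:ricci_modstorage_t:s0
"""

EVENT = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+:\d+)\): (.*)$")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]*)\} for (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def summarize(log):
    """Group AVC denials by (source type, target type, class), joined to SYSCALL by event ID."""
    syscalls, denials = {}, []
    for line in log.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # skip anything that is not an audit record
        rtype, event_id, body = m.groups()
        if rtype == "SYSCALL":
            syscalls[event_id] = fields(body)
        elif rtype == "AVC" and (a := AVC.search(body)):
            denials.append((event_id, a.group(1).split(), fields(a.group(2))))
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "exes": set()})
    for event_id, perms, f in denials:  # joined after the loop, so record order does not matter
        # An SELinux context is user:role:type[:level]; the type is the third field.
        key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
        groups[key]["perms"].update(perms)
        groups[key]["names"].add(f.get("name", "?"))
        groups[key]["exes"].add(syscalls.get(event_id, {}).get("exe", f.get("comm", "?")))
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} "
              f"objects={sorted(g['names'])} exe={sorted(g['exes'])}")
```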