Description of problem: Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-35.fc6 How reproducible: Open LVM management application. sealert comes up with a denial alert. Steps to Reproduce: 1. Make sure setroubleshootd and sealert are running. 2. Open LVM management application. 3. Actual results: sealert comes up with a denial alert. Nothing noticeable goes wrong in the LVM manager (tested in enforcing mode and permissive mode to compare). Expected results: No alert. Additional info: From sealert: "Detailed Description SELinux denied access requested by /usr/sbin/lvm. It is not expected that this access is required by /usr/sbin/lvm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /usr/share/system-config-lvm/lvm_model.py, restorecon -v /usr/share/system-config-lvm/lvm_model.py If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Additional Information Source Context: system_u:system_r:lvm_t Target Context: system_u:object_r:usr_t Target Objects: /usr/share/system-config-lvm/lvm_model.py [ file ] Affected RPM Packages: lvm2-2.02.17-1.fc6 [application]system-config-lvm-1.0.18-1.2.FC6 [target] Policy RPM: selinux-policy-2.4.6-35.fc6 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Permissive Plugin Name: plugins.catchall_file Host Name: styx.wagelaar.local Platform: Linux styx.wagelaar.local 2.6.19-1.2911.fc6 #1 SMP Sat Feb 10 15:16:31 EST 2007 x86_64 x86_64 Alert Count: 3 Line Numbers: Raw Audit Messages : avc: denied { read } for comm="lvm" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/lvm" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="lvm_model.py" path="/usr/share/system-config-lvm/lvm_model.py" pid=3883 scontext=system_u:system_r:lvm_t:s0 sgid=0 subj=system_u:system_r:lvm_t:s0 suid=0 tclass=file tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=0 "
Fixed in selinux-polcicy-2.4.6-38
Fixed in current release