Bug 229705 - lvm.static avc's
lvm.static avc's
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: lvm-obsolete (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-22 15:52 EST by Dave Jones
Modified: 2015-01-04 17:29 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-17 13:56:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dave Jones 2007-02-22 15:52:07 EST
whilst installing a kernel, I got this..

audit(1172177328.053:4): avc:  denied  { write } for  pid=16031
comm="lvm.static" name=".cache" dev=dm-0 ino=28017112
scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
audit(1172177328.243:5): avc:  denied  { write } for  pid=16034
comm="lvm.static" name=".cache" dev=dm-0 ino=28017112
scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
audit(1172177329.330:6): avc:  denied  { write } for  pid=16124
comm="lvm.static" name=".cache" dev=dm-0 ino=28017112
scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
Comment 1 Daniel Walsh 2007-02-23 09:59:13 EST
restorecon /etc/lvm/.cache  will fix it.

The problem here is that sever confined and some perhaps unconfined applications
are removing and recreating this file, so it ends up with the wrong context on
it.  I have added it to restorecond.conf so it will maintain its labeling and I
am opening up a bugzilla to try to get lvm maintainers to move it to a directory
by itselv.  /var/cache/lvm or /etc/lvm/cache/ Which would make SELinux life easier.
Comment 2 Daniel Walsh 2007-05-17 13:56:17 EDT
Changed to use /etc/lvm/cache/.cache

Note You need to log in before you can comment on or make changes to this bug.