Bug 233068 - SELinux denials with LVM applet
SELinux denials with LVM applet
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
All Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-20 07:21 EDT by Quintin Hill
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-20 10:42:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Quintin Hill 2007-03-20 07:21:52 EDT
Description of problem:

SELinux denying a

Version-Release number of selected component (if applicable):

Affected RPM Packages:  lvm2-2.02.17-1.fc6 [application]lvm2-2.02.17-1.fc6
[target]Policy RPM:  selinux-policy-2.4.6-42.fc6

How reproducible:

Unknown (may only be first time run)

Steps to Reproduce:
1. Load System > Administration > Logical Volume Management
2. Look at logs
  
Actual results:

Two SELinux denials:

avc: denied { write } for comm="lvm" cwd="/home/qoh102" dev=08:01 egid=0 euid=0
exe="/usr/sbin/lvm" exit=3 fsgid=0 fsuid=0 gid=0 inode=17171419 item=0 items=1
mode=0100600 name="/etc/lvm/.cache" obj=system_u:object_r:lvm_etc_t:s0 ogid=0
ouid=0 pid=4744 rdev=00:00 scontext=system_u:system_r:lvm_t:s0 sgid=0
subj=system_u:system_r:lvm_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:lvm_etc_t:s0 tty=(none) uid=0 

avc: denied { unlink } for comm="lvm" cwd="/home/qoh102" dev=08:01 egid=0 euid=0
exe="/usr/sbin/lvm" exit=0 fsgid=0 fsuid=0 gid=0 inode=17172857 item=4 items=5
mode=0100600 name="/etc/lvm/.cache" obj=system_u:object_r:lvm_metadata_t:s0
ogid=0 ouid=0 pid=4744 rdev=00:00 scontext=system_u:system_r:lvm_t:s0 sgid=0
subj=system_u:system_r:lvm_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:lvm_etc_t:s0 tty=(none) uid=0

Expected results:

No such errors!


Additional info:
Comment 1 Daniel Walsh 2007-03-20 10:42:09 EDT
restorecon /etc/lvm/.cache will fix this problem.  Some lvm app that is not
running under a domain created this file, with the wrong label.  Changing the
label with restorecon will fix.  newver versions of lvm have moved the cache to
a directory with the correct label, so this will not happen in the future.  You
can use restorecond to make sure it does not happen on fc6.

Note You need to log in before you can comment on or make changes to this bug.