Bug 233068 - SELinux denials with LVM applet
Summary: SELinux denials with LVM applet
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
(Show other bugs)
Version: 6
Hardware: All Linux
medium
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-20 11:21 UTC by Quintin Hill
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-20 14:42:09 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Quintin Hill 2007-03-20 11:21:52 UTC
Description of problem:

SELinux denying a

Version-Release number of selected component (if applicable):

Affected RPM Packages:  lvm2-2.02.17-1.fc6 [application]lvm2-2.02.17-1.fc6
[target]Policy RPM:  selinux-policy-2.4.6-42.fc6

How reproducible:

Unknown (may only be first time run)

Steps to Reproduce:
1. Load System > Administration > Logical Volume Management
2. Look at logs
  
Actual results:

Two SELinux denials:

avc: denied { write } for comm="lvm" cwd="/home/qoh102" dev=08:01 egid=0 euid=0
exe="/usr/sbin/lvm" exit=3 fsgid=0 fsuid=0 gid=0 inode=17171419 item=0 items=1
mode=0100600 name="/etc/lvm/.cache" obj=system_u:object_r:lvm_etc_t:s0 ogid=0
ouid=0 pid=4744 rdev=00:00 scontext=system_u:system_r:lvm_t:s0 sgid=0
subj=system_u:system_r:lvm_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:lvm_etc_t:s0 tty=(none) uid=0 

avc: denied { unlink } for comm="lvm" cwd="/home/qoh102" dev=08:01 egid=0 euid=0
exe="/usr/sbin/lvm" exit=0 fsgid=0 fsuid=0 gid=0 inode=17172857 item=4 items=5
mode=0100600 name="/etc/lvm/.cache" obj=system_u:object_r:lvm_metadata_t:s0
ogid=0 ouid=0 pid=4744 rdev=00:00 scontext=system_u:system_r:lvm_t:s0 sgid=0
subj=system_u:system_r:lvm_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:lvm_etc_t:s0 tty=(none) uid=0

Expected results:

No such errors!


Additional info:

Comment 1 Daniel Walsh 2007-03-20 14:42:09 UTC
restorecon /etc/lvm/.cache will fix this problem.  Some lvm app that is not
running under a domain created this file, with the wrong label.  Changing the
label with restorecon will fix.  newver versions of lvm have moved the cache to
a directory with the correct label, so this will not happen in the future.  You
can use restorecond to make sure it does not happen on fc6.


Note You need to log in before you can comment on or make changes to this bug.