Bug 236495 - vgscan fails when tageted is in enforce mode
vgscan fails when tageted is in enforce mode
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
All Linux
high Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-15 08:06 EDT by Frank Büttner
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-16 09:53:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Frank Büttner 2007-04-15 08:06:05 EDT
Description of problem:
When run vgscan in enforce mode it fails with an denied message.
When add LVM after installing Fedora, it will result in an possible unbootable
system.(when mounting the logical volume in fstab)

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-54.fc6

How reproducible:
every time

Steps to Reproduce:
1.run vgscan in enforce mode
  
Actual results:
This denied message:
type=AVC msg=audit(1176638158.025:1005): avc:  denied  { write } for  pid=3892
comm="lvm" name=".cache" dev=md1 ino=7858258 scontext=user_u:system_r:lvm_t:s0
tcontex
t=user_u:object_r:lvm_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1176638158.025:1005): arch=40000003 syscall=5 success=yes
exit=3 a0=a0498d0 a1=8042 a2=1ff a3=8042 items=0 ppid=4447 pid=3892 auid=500 uid=0 g
id=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="lvm"
exe="/usr/sbin/lvm" subj=user_u:system_r:lvm_t:s0 key=(null)
type=AVC msg=audit(1176638158.027:1006): avc:  denied  { unlink } for  pid=3892
comm="lvm" name=".cache" dev=md1 ino=7858258 scontext=user_u:system_r:lvm_t:s0
tconte

Expected results:
That it run's without any denied message.
Comment 1 Daniel Walsh 2007-04-16 09:53:32 EDT
restorecon /etc/lvm/.cache

This file some times gets the wrong context on it.

You can add this file to 
/etc/selinux/restorecond.conf

And then run restorecond service, which should maintain the context.  The file
has been moved in FC7 to better maintain its context.

Note You need to log in before you can comment on or make changes to this bug.