Description of problem: "vgchange -an VolGroup01" pops a selinux violation. Version-Release number of selected component (if applicable): selinux-policy-2.4.6-30.el5 selinux-policy-targeted-2.4.6-30.el5 lvm2-2.02.16-3.el5 system-config-lvm-1.0.22-1.0.el5 How reproducible: I was not able to reproduce in the environment it occured in. Steps to Reproduce: 1. 2. 3. Actual results: It apears to have left a de-activated Volume Group in /dev/mapper/, but otherwise it didnt impact functionality. Expected results: Additional info: Source Context: system_u:system_r:lvm_t:SystemLow-SystemHighTarget Context: system_u:object_r:device_tTarget Objects: VolGroup01 [ dir ]Affected RPM Packages: lvm2-2.02.16-3.el5 [application]Policy RPM: selinux-policy-2.4.6-30.el5Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: plugins.catchall_fileHost Name: chi-creedance2.checkfreeinvsvcs.comPlatform: Linux chi-creedance2.checkfreeinvsvcs.com 2.6.18-8.1.3.el5 #1 SMP Mon Apr 16 15:54:12 EDT 2007 i686 i686Alert Count: 1Line Numbers: Raw Audit Messages :avc: denied { rmdir } for comm="lvm" dev=tmpfs egid=0 euid=0 exe="/usr/sbin/lvm" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="VolGroup01" pid=4605 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:lvm_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:device_t:s0 tty=pts0 uid=0
Fixed in selinux-policy-2.4.6-67 in u1. Preview release available in http://people.redhat.com/dwalsh/SELinux/RHEL5/u1
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Brian, could you try the new policy available at the link below and reply whether the new packages solve your problem. Thank you. http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0544.html