Bug 243525 - SELinux is preventing /sbin/lvm.static (lvm_t) "write" to .cache (lvm_etc_t).
Summary: SELinux is preventing /sbin/lvm.static (lvm_t) "write" to .cache (lvm_etc_t).
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 7
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-09 12:47 UTC by Stephanos Manos
Modified: 2007-11-30 22:12 UTC (History)
1 user (show)

Fixed In Version: selinux-policy-2.6.4-14.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-06-19 16:17:03 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Stephanos Manos 2007-06-09 12:47:23 UTC 
Description of problem:
whenever i start my system setroubleshoot logs the following 

Summary
    SELinux is preventing /sbin/lvm.static (lvm_t) "write" to .cache
    (lvm_etc_t).

Detailed Description
    SELinux denied access requested by /sbin/lvm.static. It is not expected that
    this access is required by /sbin/lvm.static and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for .cache, restorecon -v .cache If
    this does not work, there is currently no automatic way to allow this
    access. Instead,  you can generate a local policy module to allow this
    access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you
    can disable SELinux protection altogether. Disabling SELinux protection is
    not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:lvm_t
Target Context                system_u:object_r:lvm_etc_t
Target Objects                .cache [ file ]
Affected RPM Packages         lvm2-2.02.24-1.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-13.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     ghost.home-net
Platform                      Linux ghost.home-net 2.6.21-1.3194.fc7 #1 SMP Wed
                              May 23 22:35:01 EDT 2007 i686 i686
Alert Count                   2
First Seen                    Σαβ 09 Ιούν 2007 03:39:43 μμ EEST
Last Seen                     Σαβ 09 Ιούν 2007 03:39:43 μμ EEST
Local ID                      51a26b21-f87e-4e37-a86d-cca740c20435
Line Numbers                  

Raw Audit Messages            

avc: denied { write } for comm="lvm.static" dev=dm-3 egid=0 euid=0
exe="/sbin/lvm.static" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=".cache"
pid=2534 scontext=system_u:system_r:lvm_t:s0 sgid=0
subj=system_u:system_r:lvm_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:lvm_etc_t:s0 tty=(none) uid=0
Comment 1 Stephanos Manos 2007-06-19 16:17:03 UTC 
seems to be fixed in the latest policy selinux-policy-2.6.4-14.fc7
Note You need to log in before you can comment on or make changes to this bug.