From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070529 Red Hat/1.5.0.12-1.el5 Firefox/1.5.0.12

Description of problem:
When starting multipathd (device-mapper-multipath-0.4.7-11.fc7), the following messages show up in the syslog.

Jun 28 10:31:56 hat udevd-event[32056]: selinux_setfilecon: setfilecon /dev/mpath/mpath1 failed: Permission denied
Jun 28 10:31:57 hat udevd-event[32068]: selinux_setfilecon: setfilecon /dev/mpath/mpath0 failed: Permission denied
Jun 28 10:31:59 hat setroubleshoot: SELinux is preventing /sbin/udevd (udev_t) "relabelfrom" to mpath1 (device_t). For complete SELinux messages. run sealert -l 58864d45-e809-4376-8fbf-8663f311b6df
Jun 28 10:31:59 hat setroubleshoot: SELinux is preventing /sbin/udevd (udev_t) "relabelfrom" to mpath0 (device_t). For complete SELinux messages. run sealert -l 9ab5fe8c-f779-44f5-9783-75791cb8c248

But checking the context of the files in /dev/mpath, it already seems to be the correct one:

[root@hat mpath]# ls -lZ /dev/mpath/mpath0
lrwxrwxrwx root root system_u:object_r:device_t /dev/mpath/mpath0 -> ../dm-2

Which makes me think that udev really shouldn't try to run setfilecon...

I'm using selinux-policy-targeted-2.6.4-21.fc7 and the details of the selinux-error:

avc: denied { relabelfrom } for comm="udevd" dev=tmpfs egid=0 euid=0 exe="/sbin/udevd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="mpath1" pid=32056 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0

Version-Release number of selected component (if applicable):
udev-106-4.fc7

How reproducible:
Always

Steps to Reproduce:
1. service multipathd start

Actual Results:

Expected Results:

Additional info:

well, udevd should really setfilecon :)
So switching the component to selinux-policy then (-:
Fixed in selinux-policy-2.6.4-24
Closing as fixes are in the current release
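
Added example, not part of the original bug thread: a small parser for the AVC record format quoted in the report, which groups denials by source type, target type and object class so repeated hits (mpath0, mpath1) collapse into one finding. The function names are hypothetical, the second sample record is constructed, and the rule string it renders only restates the denied access for policy review; it is not the change shipped in selinux-policy-2.6.4-24, which the thread does not show.

```python
import re
from collections import defaultdict

# Constructed input: record 1 is the report's denial (abridged); record 2 is
# made up from the mpath0 syslog line by swapping name and pid.
_CTX = ('scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=lnk_file '
        'tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0')
SAMPLE = [
    'avc: denied { relabelfrom } for comm="udevd" dev=tmpfs exit=-13 '
    'name="mpath1" pid=32056 ' + _CTX,
    'avc: denied { relabelfrom } for comm="udevd" dev=tmpfs exit=-13 '
    'name="mpath0" pid=32068 ' + _CTX,
]
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    # user:role:type[:level]; the MLS level may contain ':' itself, so take
    # the third field rather than splitting from the right.
    parts = ctx.split(':')
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    if not {'scontext', 'tcontext', 'tclass'} <= kv.keys():
        return None  # truncated record: do not guess the missing contexts
    return {'result': m.group(1), 'perms': m.group(2).split(),
            'source': context_type(kv['scontext']),
            'target': context_type(kv['tcontext']),
            'tclass': kv['tclass'], 'name': kv.get('name')}

def summarize(lines):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: (set(), set()))
    for rec in filter(None, map(parse_avc, lines)):
        if rec['result'] == 'denied':
            perms, names = groups[(rec['source'], rec['target'], rec['tclass'])]
            perms.update(rec['perms'])
            if rec['name']:
                names.add(rec['name'])
    return {k: (sorted(p), sorted(n)) for k, (p, n) in groups.items()}

def te_rule(key, perms):
    """Render the denied access in type-enforcement syntax for policy review."""
    body = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(*key, body)
```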