246795 – SELinux is preventing /usr/sbin/lvm (lvm_t) "write" to .cache (lvm_etc_t).

Bug 246795 - SELinux is preventing /usr/sbin/lvm (lvm_t) "write" to .cache (lvm_etc_t).

Summary: SELinux is preventing /usr/sbin/lvm (lvm_t) "write" to .cache (lvm_etc_t).

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	selinux-policy-targeted
Sub Component:
Version:	5.0
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-04 22:55 UTC by Arthur Kriewald
Modified:	2012-10-16 08:13 UTC (History)
CC List:	3 users (show)
Fixed In Version:	RHBA-2007-0544
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-11-07 16:40:19 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2007:0544	0	normal	SHIPPED_LIVE	selinux-policy bug fix update	2007-11-08 14:16:49 UTC

Description Arthur Kriewald 2007-07-04 22:55:05 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

Description of problem:
SELinux denied access requested by /usr/sbin/lvm. It is not expected that this access is required by /usr/sbin/lvm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.Allowing AccessSometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for .cache, restorecon -v .cache If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-30.el5

How reproducible:
Sometimes


Steps to Reproduce:
1.System --> Administration --> Logical Volume Management
2.
3.

Actual Results:
selinux troubleshooter displays alert

Expected Results:


Additional info:

Comment 1 Arthur Kriewald 2007-07-04 22:56:42 UTC

This is running CentOS 5 kernel, CentOS release 5 (Final)
2.6.18-8.1.6.el5

Comment 2 Daniel Walsh 2007-07-06 13:23:06 UTC

restorecon -R -v /etc/lvm should fix the problem.  You can get the update u1
policy from 

http://people.redhat.com/dwalsh/SELinux/RHEL5

I believe a permanant fix for this is coming from LVM.

Comment 4 RHEL Program Management 2007-07-06 14:04:51 UTC

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 7 Eduard Benes 2007-08-23 12:18:02 UTC

Could you try the new policy available at the link below and reply 
whether the new packages solve your problem. Thank you.

http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/

Comment 10 errata-xmlrpc 2007-11-07 16:40:19 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0544.html

Note You need to log in before you can comment on or make changes to this bug.