From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 Description of problem: This is the output from from the following command: sealert -l a8fc1d5a-19e8-4377-a80a-bd1e92eb907b <output> Summary SELinux is preventing /usr/sbin/hald (hald_t) "getattr" access to device /dev/drbd1. Detailed Description SELinux has denied the /usr/sbin/hald (hald_t) "getattr" access to device /dev/drbd1. /dev/drbd1 is mislabeled, this device has the default label of the /dev directory, which should not happen. All Character and/or Block Devices should have a label. You can attempt to change the label of the file using restorecon -v /dev/drbd1. If this device remains labeled device_t, then this is a bug in SELinux policy. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy package. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR, and find a type that would work for /dev/drbd1, you can use chcon -t SIMILAR_TYPE /dev/drbd1, If this fixes the problem, you can make this permanent by executing semanage fcontext -a -t SIMILAR_TYPE /dev/drbd1 If the restorecon changes the context, this indicates that the application that created the device, created it without using SELinux APIs. If you can figure out which application created the device, please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this application. Allowing Access Attempt restorecon -v /dev/drbd1 or chcon -t SIMILAR_TYPE /dev/drbd1 Additional Information Source Context system_u:system_r:hald_t Target Context system_u:object_r:device_t Target Objects /dev/drbd1 [ blk_file ] Affected RPM Packages hal-0.5.8.1-19.el5 [application] Policy RPM selinux-policy-2.4.6-30.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.device Host Name golden.santekdev.com Platform Linux golden.santekdev.com 2.6.18-8.1.8.el5.centos.plus #1 SMP Mon Jul 16 08:49:50 EDT 2007 i686 athlon Alert Count 35 Line Numbers Raw Audit Messages avc: denied { getattr } for comm="hald" dev=tmpfs egid=68 euid=68 exe="/usr/sbin/hald" exit=-13 fsgid=68 fsuid=68 gid=68 items=0 name="drbd1" path="/dev/drbd1" pid=2443 scontext=system_u:system_r:hald_t:s0 sgid=68 subj=system_u:system_r:hald_t:s0 suid=68 tclass=blk_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=68 </output> Version-Release number of selected component (if applicable): hal-0.5.8.1-19.el5 How reproducible: Always Steps to Reproduce: 1. reboot machine 2. 3. Actual Results: Check /var/log/messages and find these errors: SELinux is preventing /usr/sbin/hald (hald_t) "getattr" access to device /dev/drbd0 SELinux is preventing /usr/sbin/hald (hald_t) "getattr" access to device /dev/drbd1 Expected Results: Additional info: I have tried the following command: restorecon -v /dev/drbd1 with no success
This is a problem in SELinux labeling and probably is not causing a problem. I will fix the labeling in selinux-policy-2.4.6-108.el5
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0465.html