Bug 274361 - selinux blocks swapon when called from /etc/rc.d/rc.sysinit
selinux blocks swapon when called from /etc/rc.d/rc.sysinit
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-09-02 04:26 EDT by Bill C. Riemers
Modified: 2008-01-30 14:18 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-30 14:18:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bill C. Riemers 2007-09-02 04:26:37 EDT
Description of problem:

For the past few weeks, my swap has not been activating when booting.   I
checked the log files, and found the following error:

SELinux: initialized (dev dm-1, type ext3), uses xattr
audit(1188719417.651:4): avc:  denied  { execute } for  pid=1702 comm="swapon"
name="mkswap" dev=dm-2 ino=459103 scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file

Version-Release number of selected component (if applicable):

How reproducible:

Every reboot.

Steps to Reproduce:
I am not sure what initially caused this to start happening.  Once it does
happen, only one thing is need to make it happen again.
1. reboot
2. examine /var/log/dmesg
Actual results:

Boot appears to proceed normally, but after logging in I find my swap partition
has not been activated.  Manually running "sudo swapon -a" works normally.

Expected results:

Swap should be activated at boot without an SELinux error.

Additional info:
Comment 1 Bill C. Riemers 2007-09-02 04:48:13 EDT
After further examination, I think this problem is related to the fact swapon
will automatically call mkswap if the swap device contains hibernate
information.  In other words a policy is needed for swapon to allow it to call
mkswap so swap can be loaded after a failed hibernate restore.

Comment 2 Daniel Walsh 2007-09-04 10:59:27 EDT
Fixed in selinux-policy-2.6.4-41.fc7.src.rpm
Comment 3 Daniel Walsh 2008-01-30 14:18:22 EST
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.