Description of problem: Detailed Description SELinux denied access requested by /sbin/udevd. It is not expected that this access is required by /sbin/udevd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for par0, restorecon -v par0 If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access Version-Release number of selected component (if applicable): selinux-policy-2.6.4-46.fc7 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: restorecon -v par0 lstat(par0) failed: No such file or directory Expected results: Command should work or Policy allows access to program Additional info: Source Context system_u:system_r:udev_t:SystemLow-SystemHigh Target Context system_u:object_r:device_t Target Objects par0 [ lnk_file ] Affected RPM Packages udev-115-4.20070921git.fc7 [application] Policy RPM selinux-policy-2.6.4-46.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name timmieland.private Platform Linux timmieland.private 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 23:10:59 EDT 2007 i686 athlon Alert Count 2 First Seen Fri 12 Oct 2007 10:50:07 PM MDT Last Seen Sat 13 Oct 2007 10:17:19 PM MDT Local ID 50eedaf9-16a0-4ee7-97b7-9eff9302f09d Line Numbers Raw Audit Messages avc: denied { relabelfrom } for comm="udevd" dev=tmpfs egid=0 euid=0 exe="/sbin/udevd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="par0" pid=8940 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
udev should not be relabing from device_t for lnk_file.
(In reply to comment #1) > udev should not be relabing from device_t for lnk_file. Okay, and that means...?
I got this one, seems like the same bug to me. Summary SELinux is preventing /sbin/udevd (udev_t) "relabelfrom" to ramdisk (device_t). Detailed Description SELinux denied access requested by /sbin/udevd. It is not expected that this access is required by /sbin/udevd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Additional Information Source Context: system_u:system_r:udev_t:SystemLow-SystemHighTarget Context: system_u:object_r:device_tTarget Objects: ramdisk [ lnk_file ]Affected RPM Packages: udev-113-12.fc7 [application]Policy RPM: selinux-policy-2.6.4-48.fc7Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: plugins.catchallHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.22.9-91.fc7 #1 SMP Thu Sep 27 23:10:59 EDT 2007 i686 athlonAlert Count: 1First Seen: Wed 31 Oct 2007 08:40:34 PM CETLast Seen: Wed 31 Oct 2007 08:40:34 PM CETLocal ID: 0f27d74a-3ec2-4f0a-963f-58e1847f6b04Line Numbers: Raw Audit Messages : avc: denied { relabelfrom } for comm="udevd" dev=tmpfs egid=0 euid=0 exe="/sbin/udevd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="ramdisk" pid=3462 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
Fixed in selinux-policy-2.6.4-53.fc7