SELinux is preventing /usr/sbin/hddtemp from 'read' accesses on the blk_file sdf.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that hddtemp should be allowed read access on the sdf blk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep hddtemp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:hddtemp_t:s0
Target Context                system_u:object_r:removable_t:s0
Target Objects                sdf [ blk_file ]
Source                        hddtemp
Source Path                   /usr/sbin/hddtemp
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           hddtemp-0.3-0.20.beta15.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.9.7-25.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.10-74.fc14.x86_64 #1 SMP Thu Dec 23 16:04:50 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 27 Jan 2011 11:41:08 PM EST
Last Seen                     Thu 27 Jan 2011 11:41:08 PM EST
Local ID                      901e4d9c-7017-4c9d-b37f-dbbcde91f93b

Raw Audit Messages
type=AVC msg=audit(1296189668.427:256): avc: denied { read } for pid=8076 comm="hddtemp" name="sdf" dev=devtmpfs ino=32982 scontext=system_u:system_r:hddtemp_t:s0 tcontext=system_u:object_r:removable_t:s0 tclass=blk_file

type=SYSCALL msg=audit(1296189668.427:256): arch=x86_64 syscall=open success=no exit=EACCES a0=7fffb6516f7d a1=800 a2=0 a3=c0 items=0 ppid=8075 pid=8076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=hddtemp exe=/usr/sbin/hddtemp subj=system_u:system_r:hddtemp_t:s0 key=(null)

Hash: hddtemp,hddtemp_t,removable_t,blk_file,read

audit2allow

#============= hddtemp_t ==============
allow hddtemp_t removable_t:blk_file read;

audit2allow -R

#============= hddtemp_t ==============
allow hddtemp_t removable_t:blk_file read;

Did you mount your disk with the following option

"context=system_u:object_r:removable_t"

Since

# matchpathcon /dev/sdf
/dev/sdf system_u:object_r:fixed_disk_device_t:s0

and

# sesearch -A -s hddtemp_t -t fixed_disk_device_t -c blk_file
Found 1 semantic av rules:
   allow hddtemp_t fixed_disk_device_t : blk_file { ioctl read getattr lock open } ;

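The comparison made in the comment above, as an added example that is not part of the original thread or of any SELinux tool: it parses the AVC record from the report, derives the rule audit2allow printed, and checks whether the denied target type differs from the file-context default that the existing hddtemp_t rule already covers. The function names and the `ALLOWED` table are hypothetical; the input strings are copied from this page.

```python
import re

# AVC record copied from the report above.
AVC = ('type=AVC msg=audit(1296189668.427:256): avc: denied { read } for pid=8076 '
       'comm="hddtemp" name="sdf" dev=devtmpfs ino=32982 '
       'scontext=system_u:system_r:hddtemp_t:s0 '
       'tcontext=system_u:object_r:removable_t:s0 tclass=blk_file')
# matchpathcon output and sesearch rule quoted in the comment above.
MATCHPATHCON = '/dev/sdf system_u:object_r:fixed_disk_device_t:s0'
ALLOWED = {('hddtemp_t', 'fixed_disk_device_t', 'blk_file'):
           {'ioctl', 'read', 'getattr', 'lock', 'open'}}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(':')[2]

def parse_avc(line):
    """Extract source type, target type, class and permissions from a denial."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError('not an AVC denial record')
    return {'source': sel_type(m['scon']), 'target': sel_type(m['tcon']),
            'tclass': m['tclass'], 'perms': set(m['perms'].split())}

def allow_rule(d):
    """Format the denial as the allow rule audit2allow would suggest."""
    perms = sorted(d['perms'])
    body = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {d['source']} {d['target']}:{d['tclass']} {body};"

def triage(avc_line, matchpathcon_line, allowed):
    """Compare the denied target type with the file-context default."""
    d = parse_avc(avc_line)
    _path, default_context = matchpathcon_line.split()
    default_type = sel_type(default_context)
    covered = allowed.get((d['source'], default_type, d['tclass']), set())
    return {'rule': allow_rule(d),
            'current_type': d['target'],
            'default_type': default_type,
            # True when the object carries a non-default label and the
            # existing policy already permits the access on the default one.
            'default_label_allowed': d['target'] != default_type
                                     and d['perms'] <= covered}

if __name__ == '__main__':
    print(triage(AVC, MATCHPATHCON, ALLOWED))
```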
Miroslav, I think under certain circumstances udev/hal will mount a removable disk and label it removable_t.
Then I will allow it.
Fixed in selinux-policy-3.9.7-28.fc14
selinux-policy-3.9.7-28.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-28.fc14
selinux-policy-3.9.7-28.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-28.fc14
selinux-policy-3.9.7-28.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.