Hide Forgot
Description of problem: type=AVC msg=audit(1333319512.971:51): avc: denied { read } for pid=872 comm="drbdadm" name="urandom" dev="devtmpfs" ino=4641 scontext=unconfined_u:system_r:drbd_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file type=AVC msg=audit(1333319512.971:51): avc: denied { open } for pid=872 comm="drbdadm" name="urandom" dev="devtmpfs" ino=4641 scontext=unconfined_u:system_r:drbd_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1333319512.971:51): arch=x86_64 syscall=open success=yes exit=ENOEXEC a0=41f76b a1=0 a2=0 a3=7fffb3eb6110 items=0 ppid=871 pid=872 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm=drbdadm exe=/usr/sbin/drbdadm subj=unconfined_u:system_r:drbd_t:s0 key=(null) Version-Release number of selected component (if applicable): Fedora 15 - Rawhide DRBD 8.3.11-* How reproducible: Start DRBD via the init script. (/etc/init.d/drbd start) Steps to Reproduce: 1. yum -y install drbd 2. /etc/init.d/drbd start 3. echo $? Actual results: Return code 20 along with SELinux denials. Expected results: Init script starts successfully. Additional info: There is one additional denial that crops up during the init script but it's due to drbdadm phoning home (I'll be correcting that very soon).
Fixed in selinux-policy-3.10.0-110.fc17
Thanks, Miroslav!
selinux-policy-3.10.0-110.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-110.fc17
selinux-policy-3.10.0-110.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.