Bug 835835 - Bad context of /dev/twa on RHEL7
Bad context of /dev/twa on RHEL7
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
All Linux
unspecified Severity medium
: rc
: ---
Assigned To: Miroslav Grepl
Michal Trunecka
Depends On:
  Show dependency treegraph
Reported: 2012-06-27 05:01 EDT by Michal Trunecka
Modified: 2014-09-30 19:33 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-06-13 07:44:58 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michal Trunecka 2012-06-27 05:01:52 EDT
Description of problem:
The RHEL6 test is checking if /dev/twa has context fixed_disk_device_t
but on RHEL7 it has context device_t. According to mail from mgrepl it is not correct and should be fixed.

The test is based on this bug:

Version-Release number of selected component (if applicable):
Comment 1 Miroslav Grepl 2012-06-28 09:40:01 EDT
what does 

# grep -r tw /etc/selinux/targeted/contexts/files/ |grep fixed
/etc/selinux/targeted/contexts/files/file_contexts:/dev/tw[a-z][^/]+	-c	system_u:object_r:fixed_disk_device_t:s0

on RHEL7 system?
Comment 2 Milos Malik 2012-06-28 10:00:10 EDT
# matchpathcon /dev/twa
/dev/twa	system_u:object_r:device_t:s0
# matchpathcon /dev/twa0
/dev/twa0	system_u:object_r:fixed_disk_device_t:s0
# grep -r tw /etc/selinux/targeted/contexts/files/ | grep fixed
/etc/selinux/targeted/contexts/files/file_contexts:/dev/tw[a-z][^/]+	-c	system_u:object_r:fixed_disk_device_t:s0
Comment 3 Daniel Walsh 2012-06-29 18:31:33 EDT
+ means there has to be a non / after /dev/tw[a-z]

If we want to match on /dev/twa then we need /dev/tw[a-z][^/]*
Comment 5 Ludek Smid 2014-06-13 07:44:58 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.