Additional info: hashmarkername: setroubleshoot kernel: 3.6.7-5.fc18.x86_64 type: libreport
Created attachment 655032 [details] File: description
Fixed in selinux-policy-3.11.1-58.fc18.noarch
Doing a yum update that included selinux-policy-targeted.noarch 0:3.11.1-57.fc18 . I also saw this in the yum output: Updating : selinux-policy-targeted-3.11.1-57.fc18.noarch 26/100 libsepol.print_missing_requirements: permissive_consolekit_t's global requirements were not met: type/attribute consolekit_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). /usr/sbin/semodule: Failed! I think selinux-policy-targeted is trying to do stuff to ConsoleKit without first checking if it's present. CK is legacy stuff now and only present on older installs that have been updated, or installs of desktops which haven't yet migrated to the New Way Of Doing Things. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
selinux-policy-3.11.1-58.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-58.fc18
Package selinux-policy-3.11.1-59.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-59.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-59.fc18 then log in and leave karma (feedback).
*** Bug 882472 has been marked as a duplicate of this bug. ***
*** Bug 882356 has been marked as a duplicate of this bug. ***
*** Bug 881937 has been marked as a duplicate of this bug. ***
*** Bug 882486 has been marked as a duplicate of this bug. ***
*** Bug 882416 has been marked as a duplicate of this bug. ***
*** Bug 882638 has been marked as a duplicate of this bug. ***
*** Bug 882454 has been marked as a duplicate of this bug. ***
*** Bug 882640 has been marked as a duplicate of this bug. ***
*** Bug 882502 has been marked as a duplicate of this bug. ***
The following workaround together with "-59.fc18" build will be needed for "file_t" issues. # setenforce 0 # fixfiles restore # setenforce 1 It "only" affects updates-testing. Thank you for your testing so we caught this issue before updates repo.
Updated selinux* up "-59.fc18", but it did not remedy the problem: http://paste.stg.fedoraproject.org/2209/
Fomalhaut, could you re-mount it?
the 3.11.1-59 policy did not fix this problem. It fixed my consolekit problem, but not the denials on lost+found, gvfs-trash, and several other files. I updated to the 3.11.1-59 and did a full filesystem relabel as well. Still getting the denials.
As I mentioned in the other bug that you marked as a dupicate of this one, downgrading back to the 3.11.1-50 vesion fixed all of my issues.
Miroslav Grepl : http://paste.stg.fedoraproject.org/2210/
Here is what I am still getting after installing 3.11.1-59 and ran setenforce 0 fixfiles restore setenforce 1 ----- SELinux is preventing /usr/bin/ls from getattr access on the directory /mnt/Drive_J/lost+found. ***** Plugin file (36.8 confidence) suggests ******************************* If you think this is caused by a badly mislabeled machine. Then you need to fully relabel. Do touch /.autorelabel; reboot ***** Plugin file (36.8 confidence) suggests ******************************* If you think this is caused by a badly mislabeled machine. Then you need to fully relabel. Do touch /.autorelabel; reboot ***** Plugin catchall_labels (23.2 confidence) suggests ******************** If you want to allow ls to have getattr access on the lost+found directory Then you need to change the label on /mnt/Drive_J/lost+found Do # semanage fcontext -a -t FILE_TYPE '/mnt/Drive_J/lost+found' where FILE_TYPE is one of the following: httpd_sys_content_t, var_run_t, user_home_dir_t, systemd_logind_var_run_t, policykit_reload_t, systemd_passwd_var_run_t, gconf_home_t, home_root_t, init_var_run_t, gnome_home_t, httpd_user_content_t, admin_home_t, var_lib_t, var_run_t, httpd_user_script_exec_t, gconf_home_t, home_root_t, user_home_type, fsadm_var_run_t, sysctl_crypto_t, etc_t, boolean_type, krb5kdc_conf_t, krb5_host_rcache_t, chrome_sandbox_t, virt_home_t, winbind_var_run_t, readable_t, user_tmp_type, user_home_dir_t, systemd_logind_var_run_t, file_type, systemd_passwd_var_run_t, home_root_t, cfengine_var_lib_t, etc_t, mail_spool_t, user_home_dir_t, device_t, device_t, devpts_t, sysctl_vm_t, cert_t, user_tmpfs_type, proc_net_t, etc_t, cert_type, selinux_config_t, cgroup_t, sysfs_t, tmpfs_t, var_t, abrt_var_run_t, config_home_t, bin_t, boot_t, init_var_run_t, init_t, var_run_t, setrans_var_run_t, root_t, user_home_dir_t, device_t, tmp_t, usr_t, locale_t, var_t, sssd_public_t, etc_t, user_tmp_t, cupsd_etc_t, proc_t, sysfs_t, postfix_etc_t, device_t, tmp_t, tmp_t, var_t, sysctl_t, abrt_t, bin_t, etc_t, base_ro_file_type, unlabeled_t, lib_t, man_t, likewise_var_lib_t, mnt_t, user_tmp_t, alsa_etc_rw_t, proc_t, proc_type, public_content_rw_t, public_content_t, cgroup_t, root_t, sysfs_t, tmpfs_t, tmp_t, usr_t, var_t, sysctl_kernel_t, etc_mail_t, config_home_t, bin_t, cert_t, unconfined_dbusd_t, sysctl_vm_overcommit_t, init_t, cpu_online_t, mandb_cache_t, root_t, user_fonts_t, system_cronjob_var_lib_t, thumb_t, tmp_t, usr_t, var_t, mqueue_spool_t, krb5_conf_t, systemd_logind_sessions_t, policykit_var_lib_t, user_tmp_t, telepathy_data_home_t, semanage_store_t, cfengine_var_lib_t, telepathy_cache_home_t, systemd_unit_file_type, filesystem_type, user_fonts_t, user_home_t, cache_home_t, data_home_t, textrel_shlib_t, nx_server_var_lib_t, sysctl_type, device_t, devpts_t, var_spool_t, etc_t, cache_home_t, nscd_var_run_t, nslcd_var_run_t, data_home_t, sandbox_file_t, samba_var_t, proc_t, var_lib_t, var_run_t, smbd_var_run_t, user_fonts_config_t, cgroup_t, rpm_script_tmp_t, src_t, sysfs_t, tmpfs_t, sssd_var_lib_t, var_log_t, sysctl_type, modules_object_t, sysctl_t, avahi_var_run_t, home_root_t, bin_t, security_t, init_var_run_t, lib_t, samba_etc_t, mnt_t, var_lib_t, var_run_t, net_conf_t, systemd_unit_file_type, virt_var_run_t, usr_t, var_t, abrt_var_run_t, security_t, security_t, domain, rpm_log_t, default_t, var_run_t, var_log_t, unconfined_t, abrt_var_run_t, krb5_host_rcache_t, sysctl_kernel_t, sysfs_t, device_t, var_t, var_t, proc_t, sysctl_t, bin_t, security_t, mozilla_plugin_rw_t, nscd_var_run_t, pcscd_var_run_t, var_run_t, var_run_t, mozilla_plugin_t. Then execute: restorecon -v '/mnt/Drive_J/lost+found' ***** Plugin catchall (5.04 confidence) suggests *************************** If you believe that ls should be allowed getattr access on the lost+found directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep ls /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context system_u:object_r:file_t:s0 Target Objects /mnt/Drive_J/lost+found [ dir ] Source ls Source Path /usr/bin/ls Port <Unknown> Host tower20.home Source RPM Packages coreutils-8.17-6.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-59.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name tower20.home Platform Linux tower20.home 3.6.7-5.fc18.x86_64 #1 SMP Tue Nov 20 19:40:08 UTC 2012 x86_64 x86_64 Alert Count 1 First Seen 2012-12-03 12:20:58 CST Last Seen 2012-12-03 12:20:58 CST Local ID 5006f3a6-a4a1-4a39-8856-4920a41176a1 Raw Audit Messages type=AVC msg=audit(1354558858.408:345): avc: denied { getattr } for pid=7518 comm="ls" path="/mnt/Drive_J/lost+found" dev="sdc1" ino=11 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir type=SYSCALL msg=audit(1354558858.408:345): arch=x86_64 syscall=lstat success=no exit=EACCES a0=7fff7bb68300 a1=1f62f70 a2=1f62f70 a3=1f60330 items=0 ppid=1415 pid=7518 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm=ls exe=/usr/bin/ls subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) Hash: ls,unconfined_t,file_t,dir,getattr ----
Well the problem is some of these dirs are not going to be fixed by restorecon. For exaple # matchpathcon /mnt/Drive_J/lost+found /mnt/Drive_J/lost+found <<none>> <<none>> means the label is not going to be restored. We added some fixes related to file_t because we want to see if something is labeled file_t. Daniel, could you also try to re-mount /mnt/Drive_J?
Also what does # grep systemd-udevd /var/log/messages
remounting the filesystem doesn't change things any at all. I still am getting numeous denials on that drive and others as well. # grep systemd-udevd /var/log/messages Gives me no output. Nothing is found. I am getting the denials on numerous files, though. Here is a clip from /var/log/audit/audit.log that has some of the denials. ------- type=AVC msg=audit(1354564655.173:299): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/Drive_J/lost+found" dev="sdc1" ino=11 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir type=AVC msg=audit(1354567749.037:313): avc: denied { getattr } for pid=2202 comm="ls" path=2F6D6E742F426C61636B41726D6F7244726976652F5365616761746520426C61636B41726D6F72 dev="sdd1" ino=1222913 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=dir type=AVC msg=audit(1354567749.078:314): avc: denied { getattr } for pid=2202 comm="ls" path="/mnt/BlackArmorDrive/myunrar2" dev="sdd1" ino=13 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567749.078:315): avc: denied { getattr } for pid=2202 comm="ls" path="/mnt/BlackArmorDrive/myunrar" dev="sdd1" ino=12 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567749.099:316): avc: denied { getattr } for pid=2202 comm="ls" path="/mnt/BlackArmorDrive/myunrar4" dev="sdd1" ino=15 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567749.149:317): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path=2F6D6E742F426C61636B41726D6F7244726976652F5365616761746520426C61636B41726D6F72 dev="sdd1" ino=1222913 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=dir type=AVC msg=audit(1354567749.191:318): avc: denied { getattr } for pid=2202 comm="ls" path="/mnt/BlackArmorDrive/myunrar3" dev="sdd1" ino=14 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567749.233:319): avc: denied { getattr } for pid=2202 comm="ls" path="/mnt/BlackArmorDrive/lost+found" dev="sdd1" ino=11 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir type=AVC msg=audit(1354567749.504:320): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path=2F6D6E742F426C61636B41726D6F7244726976652F5365616761746520426C61636B41726D6F72 dev="sdd1" ino=1222913 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=dir type=AVC msg=audit(1354567749.581:321): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/myunrar2" dev="sdd1" ino=13 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567749.924:322): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/myunrar2" dev="sdd1" ino=13 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567749.971:323): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/myunrar" dev="sdd1" ino=12 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567750.308:324): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/myunrar" dev="sdd1" ino=12 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567750.356:325): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/myunrar4" dev="sdd1" ino=15 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567750.694:326): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/myunrar4" dev="sdd1" ino=15 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567750.741:327): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/myunrar3" dev="sdd1" ino=14 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567751.082:328): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/myunrar3" dev="sdd1" ino=14 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file type=AVC msg=audit(1354567751.132:329): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/lost+found" dev="sdd1" ino=11 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir type=AVC msg=audit(1354567751.474:330): avc: denied { getattr } for pid=1407 comm="setroubleshootd" path="/mnt/BlackArmorDrive/lost+found" dev="sdd1" ino=11 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir ----------
How do you mount it?
It is mounted in my /etc/fstab Here is the line that mounts that drive: LABEL=Drive\040J /mnt/Drive_J ext4 defaults,noatime,comment=systemd.mount 0 2
Relabel will not put labels on a disk mounted under /mnt, since it has no way to know what to label this. If you want this shared with everyone I would label it usr_t chcon -t usr_t /mnt/BlackArmorDrive Or mount it with a context mount mount -o context="system_u:object_r:usr_t:s0" ...
dwalsh: should we have some kind of default for stuff mounted under /mnt ? it's an old standard, but one a lot of people still use.
ok, then what put the label on it in the first place. Those filesystems have always been mounted under /mnt. Something labelled it to begin with. With setenforce 0 [root@tower20 Drive_J]# ls -alZ drwxrwxrwx. root root system_u:object_r:usr_t:s0 . drwxr-xr-x. root root system_u:object_r:mnt_t:s0 .. drwxrwxrwx. root root system_u:object_r:file_t:s0 lost+found This is what I get with setenforce 1 [root@tower20 Drive_J]# ls -alZ ls: cannot access lost+found: Permission denied drwxrwxrwx. root root system_u:object_r:usr_t:s0 . drwxr-xr-x. root root system_u:object_r:mnt_t:s0 .. ?--------- ? ? lost+found
Ok, I just fixed the issue here by creating a policy to allow access.. [root@tower20 /]# grep ls /var/log/audit/audit.log | audit2allow -M mypol ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i mypol.pp [root@tower20 /]# semodule -i mypol.pp [root@tower20 /]# cd /mnt/Drive_J [root@tower20 Drive_J]# ls -alZ drwxrwxrwx. root root system_u:object_r:usr_t:s0 . drwxr-xr-x. root root system_u:object_r:mnt_t:s0 .. drwxrwxrwx. root root system_u:object_r:file_t:s0 lost+found drwxrwxrwx. Me Me unconfined_u:object_r:mnt_t:s0 Seeding So for me, it's fixed for the time being.
extracting android system.img using dxdia kitchen. audit2allow not working (command not found) Package: (null) OS Release: Fedora release 18 (Spherical Cow)
*** Bug 883187 has been marked as a duplicate of this bug. ***
Any chance anybody sees "Failed to set security context (null) for" in the /var/log/messages?
(In reply to comment #33) > extracting android system.img using dxdia kitchen. audit2allow not working > (command not found) > > Package: (null) > OS Release: Fedora release 18 (Spherical Cow) You need to install the policycoreutils-devel package to get audit2allow yum install policycoreutils-devel ------- Miroslav, I am not getting any of those messages in my /var/log/messages file here.
Miroslav, $ grep "Failed to set security context" /var/log/messages Dec 4 06:37:37 fmhstar systemd-udevd[10259]: Failed to set security context (null) for /dev/input: File exists Dec 4 06:37:37 fmhstar systemd-udevd[10259]: Failed to set security context (null) for /dev/input/by-id: File exists Dec 4 06:39:16 fmhstar systemd-udevd[10421]: Failed to set security context (null) for /dev/disk: File exists Dec 4 06:39:16 fmhstar systemd-udevd[10421]: Failed to set security context (null) for /dev/disk/by-path: File exists
To open an usb external disk or open partition not in /etc/fstab Package: (null) Architecture: i686 OS Release: Fedora release 18 (Spherical Cow)
Trying to update nfs-utils to 1:1.2.7-1.fc18. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
Still happening with -59 here. I did a full relabel after -59 was installed, no dice. I still get denials for /media/Sea500/images and /media/Sea500/lost+found .
I don't have any 'Failed to set security context' errors in /var/log/messages .
(In reply to comment #39) > Trying to update nfs-utils to 1:1.2.7-1.fc18. > > Package: (null) > OS Release: Fedora release 18 (Spherical Cow) the problem is with filesystem ext3 and ext4. Filesystem ntfs and fat is read and write with no problems.
Guys, could you try to install these new builds http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.11.1/60.fc18/noarch/selinux-policy-3.11.1-60.fc18.noarch.rpm http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.11.1/60.fc18/noarch/selinux-policy-devel-3.11.1-60.fc18.noarch.rpm http://kojipkgs.fedoraproject.org//packages/selinux-policy/3.11.1/60.fc18/noarch/selinux-policy-targeted-3.11.1-60.fc18.noarch.rpm to see if it fixes these issues.
Miroslav: 3.11.1-60 indeed appears to have fixed the file_t denials I was having, but I wish to make certain of something. I created a policy (noted in comment 32 above) to allow the access. Does the update to selinux-policy and selinux-policy-targeted clear out the policy I manually created, or do I need to do something else to clear out the manual policy I created? Also, I ran a complete filesystem relabel after installing selinux-policy 3.11.1-60 and I am getting a message on the relabel that I don't think I was getting with 3.11.1-59 SELinux: Context system_u:object_r:consoletype_exec_t:s0 is not valid (left unmapped)
Run # semodule -r mypol
Package selinux-policy-3.11.1-60.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-60.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-60.fc18 then log in and leave karma (feedback).
selinux-policy-3.11.1-60.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 885215 has been marked as a duplicate of this bug. ***
Not yet fixed for me using selinux-policy-targeted-3.11.1-76.fc18.noarch selinux-policy-3.11.1-76.fc18.noarch When using USB stick, /var/log/messages shows Feb 11 22:22:27 localhost kernel: [19656.149559] usb 3-2: new high-speed USB device number 10 using xhci_hcd Feb 11 22:22:27 localhost kernel: [19656.164033] usb 3-2: New USB device found, idVendor=1234, idProduct=0123 Feb 11 22:22:27 localhost kernel: [19656.164041] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Feb 11 22:22:27 localhost kernel: [19656.164045] usb 3-2: Product: DISK Feb 11 22:22:27 localhost kernel: [19656.164048] usb 3-2: Manufacturer: USB Feb 11 22:22:27 localhost kernel: [19656.164051] usb 3-2: SerialNumber: 9BC20800FFFF17BE Feb 11 22:22:27 localhost kernel: [19656.166715] scsi14 : usb-storage 3-2:1.0 Feb 11 22:22:27 localhost mtp-probe: checking bus 3, device 10: "/sys/devices/pci0000:00/0000:00:14.0/usb3/3-2" Feb 11 22:22:27 localhost mtp-probe: bus: 3, device: 10 was not an MTP device Feb 11 22:22:28 localhost kernel: [19657.190236] scsi 14:0:0:0: Direct-Access USB DISK DL13 PQ: 0 ANSI: 4 Feb 11 22:22:28 localhost kernel: [19657.191790] sd 14:0:0:0: Attached scsi generic sg2 type 0 Feb 11 22:22:29 localhost kernel: [19657.797966] sd 14:0:0:0: [sdb] 7843840 512-byte logical blocks: (4.01 GB/3.74 GiB) Feb 11 22:22:29 localhost kernel: [19657.798258] sd 14:0:0:0: [sdb] Write Protect is off Feb 11 22:22:29 localhost kernel: [19657.798662] sd 14:0:0:0: [sdb] No Caching mode page present Feb 11 22:22:29 localhost kernel: [19657.798681] sd 14:0:0:0: [sdb] Assuming drive cache: write through Feb 11 22:22:29 localhost kernel: [19657.802014] sd 14:0:0:0: [sdb] No Caching mode page present Feb 11 22:22:29 localhost kernel: [19657.802021] sd 14:0:0:0: [sdb] Assuming drive cache: write through Feb 11 22:22:29 localhost kernel: [19657.816724] sdb: sdb1 Feb 11 22:22:29 localhost kernel: [19657.818149] sd 14:0:0:0: [sdb] No Caching mode page present Feb 11 22:22:29 localhost kernel: [19657.818158] sd 14:0:0:0: [sdb] Assuming drive cache: write through Feb 11 22:22:29 localhost kernel: [19657.818165] sd 14:0:0:0: [sdb] Attached SCSI removable disk Feb 11 22:22:30 localhost systemd-udevd[27011]: Failed to set security context (null) for /dev/disk: File exists Feb 11 22:22:30 localhost systemd-udevd[27011]: Failed to set security context (null) for /dev/disk/by-path: File exists last two lines repeated ad infinitum. setenforce 0 seems to be a workaround
I get this error as well with selinux-policy-targeted-3.11.1-76.fc18.noarch and selinux-policy-3.11.1-76.fc18.noarch, although it only happens sometimes. Killing all systemd-udevd processes fixes it.