Philippe Naudin
2011-Nov-03 12:28 UTC
[CentOS] CentOS-5.7 + megaraid + SELinux : update problem
Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined
(in /etc/selinux/targeted/contexts/files/file_contexts) as
system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail :
avc: denied { read write } for pid=2847 comm="smartd"
name="megadev0" dev=tmpfs ino=8284
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Changing the context (of megadev0) to fixed_disk_device_t solves the
problem, but is this the best solution ?
Thanks,
--
Philippe Naudin
UMR MISTEA : Math?matiques, Informatique et STatistique pour
l'Environnement et l'Agronomie
INRA, b?timent 29 - 2 place Viala - 34060 Montpellier cedex 2
t?l: 04.99.61.26.34, fax: 04.99.61.29.03, m?l: naudin at supagro.inra.fr
Daniel J Walsh
2011-Nov-03 13:31 UTC
[CentOS] CentOS-5.7 + megaraid + SELinux : update problem
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/03/2011 08:28 AM, Philippe Naudin wrote:> Hello, > > After updating to CentOS-5.7, I have a (small) problem : > > The context of /dev/megadev0 is now defined (in > /etc/selinux/targeted/contexts/files/file_contexts) as > system_u:object_r:removable_device_t:s0. > > This cause smartmontools to fail : avc: denied { read write } for > pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284 > scontext=system_u:system_r:fsdaemon_t:s0 > tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file > > Changing the context (of megadev0) to fixed_disk_device_t solves > the problem, but is this the best solution ? > > Thanks, >Should medadev0 be labeled as removable_device_t? This is usually the label of cdrom/dvdrives drives. grep removable_device_t /etc/selinux/targeted/contexts/files/file_contexts /dev/p[fg][0-3] -b system_u:object_r:removable_device_t:s0 /dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t:s0 /dev/pg[0-3] -c system_u:object_r:removable_device_t:s0 /dev/fd[^/]+ -b system_u:object_r:removable_device_t:s0 /dev/ub[a-z][^/]+ -b system_u:object_r:removable_device_t:s0 /dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t:s0 /dev/cdu.* -b system_u:object_r:removable_device_t:s0 /dev/pcd[0-3] -b system_u:object_r:removable_device_t:s0 /dev/mcdx? -b system_u:object_r:removable_device_t:s0 /dev/cm20.* -b system_u:object_r:removable_device_t:s0 /dev/sbpcd.* -b system_u:object_r:removable_device_t:s0 /dev/mmcblk.* -b system_u:object_r:removable_device_t:s0 /dev/mspblk.* -b system_u:object_r:removable_device_t:s0 /dev/megadev.* -c system_u:object_r:removable_device_t:s0 /dev/floppy/[^/]* -b system_u:object_r:removable_device_t:s0 /dev/sjcd -b system_u:object_r:removable_device_t:s0 /dev/gscd -b system_u:object_r:removable_device_t:s0 /dev/bpcd -b system_u:object_r:removable_device_t:s0 /dev/optcd -b system_u:object_r:removable_device_t:s0 /dev/hitcd -b system_u:object_r:removable_device_t:s0 /dev/aztcd -b system_u:object_r:removable_device_t:s0 /dev/sonycd -b system_u:object_r:removable_device_t:s0 /dev/hwcdrom -b system_u:object_r:removable_device_t:s0 /dev/usb/rio500 -c system_u:object_r:removable_device_t:s0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6yl60ACgkQrlYvE4MpobOcFQCg6kShMQVeb26wX7vQdBLhBJrW RsAAnjbJQnsaBVk2ACmKWqKveZbV4/ml =XeFd -----END PGP SIGNATURE-----