Displaying 11 results from an estimated 11 matches for "blk_file".

2013 Jan 12
2
selinux + kvm virtualization + smartd problem
...r/log/audit/audit.log | grep type=AVC type=AVC msg=audit(1357993548.964:8529): avc: denied { getattr } for pid=21321 comm="smartd" path="/dev/sdc" dev=devtmpfs ino=6327 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c281,c675 tclass=blk_file type=AVC msg=audit(1357993548.965:8530): avc: denied { getattr } for pid=21321 comm="smartd" path="/dev/sdd" dev=devtmpfs ino=6321 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c281,c675 tclass=blk_file type=AVC msg=audit(1357993548....
2019 May 01
1
Brasero/cdrecord/growisofs with selinux users confined to staff_u
...=file permissive=0 type=AVC msg=audit(1556724763.464:1133343): avc: denied { getattr } for pid=8316 comm="growisofs" path="/dev/dm-1" dev="devtmpfs" ino=21192 scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0 type=AVC msg=audit(1556724763.464:1133344): avc: denied { getattr } for pid=8316 comm="growisofs" path="/dev/sda2" dev="devtmpfs" ino=11888 scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_f...
2017 Apr 30
3
selinux problem policies
...> allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108 (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom relabelto))) neverallow check failed at /etc/selinux/targeted/tmp/modules/100/base/cil: 13121 (neverallow base_typeattr_18 scsi_generic_device_t (blk_file (read))) <root> allow at /etc/selinux/targeted/tmp/modules/100/munin/cil:581 (allow disk_munin_plugin_t device_node (blk_file (ioctl read getattr lock open))) ......... or is another way to include policies better? -- mit freundlichen Grüssen / best regards Günther J. Nie...
2012 Feb 24
0
SELinux killed my qemu-kvm
...edhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:pam_console_t:SystemLow- SystemHigh Target Context system_u:object_r:virt_content_t Target Objects /dev/hda [ blk_file ] Source pam_console_app Source Path /sbin/pam_console_apply Port <Unknown> Host desk.mcguffeyfamily.net Source RPM Packages internallab pam-0.99.6.2-6.el5_5.2 Target RPM Packages Po...
2020 Jul 02
2
Re: Two questions about NVDIMM devices
Daniel P. Berrangé <berrange@redhat.com> writes: > On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote: >> Hi, >> > >> I've met two situations with NVDIMM support in libvirt where I'm not >> sure all the parties (libvirt & I) do the things correctly. >> >> The first problem is with memory alignment and size changes. In
2009 Aug 27
1
SELinux messages after compiling new kernel
...not defined in policy SELinux: class kernel_service not defined in policy SELinux: permission open in class dir not defined in policy SELinux: permission open in class file not defined in policy SELinux: permission open in class chr_file not defined in policy SELinux: permission open in class blk_file not defined in policy SELinux: permission open in class sock_file not defined in policy SELinux: permission open in class fifo_file not defined in policy SELinux: permission recvfrom in class node not defined in policy SELinux: permission sendto in class node not defined in policy SELinux: per...
2020 Jul 09
0
NVDIMM in devdax mode and SELinux (was: Two questions about NVDIMM devices)
...system_u:system_r:svirt_t:s0:c216,c981 tcontext=system_u:object_r:svirt_image_t:s0:c216,c981 tclass=chr_file permissive=0 Indeed, svirt_t map access to svirt_image_t is allowed only for files and block devices: # sesearch -A -p map -s svirt_t -t svirt_image_t ... allow svirt_t svirt_image_t:blk_file map; allow svirt_t svirt_image_t:file map; What to do about it? Do I handle the NVDIMM in a wrong way or should sVirt policies be fixed? Thanks, Milan
2019 Jan 30
2
SELinux policy vs. static web content
Hi, Some time ago I wrote an introductory article about SELinux on my blog. I'm currently updating it for my new blog, and I found a curious change in SELinux policy. Here goes. For demonstration purposes, I'm using some static webpages, more exactly the default pages found in /usr/share/httpd/noindex, which I simply copied over to /var/www/html. As a first practical example, I'm
2020 Feb 11
0
vhost changes (batched) in linux-next after 12/13 trigger random crashes in KVM guests after reboot
...nux: Permission watch_sb in class chr_file not defined in policy. [ 9.689943] SELinux: Permission watch_with_perm in class chr_file not defined in policy. [ 9.689944] SELinux: Permission watch_reads in class chr_file not defined in policy. [ 9.689946] SELinux: Permission watch in class blk_file not defined in policy. [ 9.689947] SELinux: Permission watch_mount in class blk_file not defined in policy. [ 9.689948] SELinux: Permission watch_sb in class blk_file not defined in policy. [ 9.689949] SELinux: Permission watch_with_perm in class blk_file not defined in policy. [ 9.6...
2020 Feb 07
16
vhost changes (batched) in linux-next after 12/13 trigger random crashes in KVM guests after reboot
On Fri, Feb 07, 2020 at 08:47:14AM +0100, Christian Borntraeger wrote: > Also adding Cornelia. > > > On 06.02.20 23:17, Michael S. Tsirkin wrote: > > On Thu, Feb 06, 2020 at 04:12:21PM +0100, Christian Borntraeger wrote: > >> > >> > >> On 06.02.20 15:22, eperezma at redhat.com wrote: > >>> Hi Christian. > >>> > >>>
2020 Feb 07
16
vhost changes (batched) in linux-next after 12/13 trigger random crashes in KVM guests after reboot
On Fri, Feb 07, 2020 at 08:47:14AM +0100, Christian Borntraeger wrote: > Also adding Cornelia. > > > On 06.02.20 23:17, Michael S. Tsirkin wrote: > > On Thu, Feb 06, 2020 at 04:12:21PM +0100, Christian Borntraeger wrote: > >> > >> > >> On 06.02.20 15:22, eperezma at redhat.com wrote: > >>> Hi Christian. > >>> > >>>