[CentOS] CentOS-5.7 + megaraid + SELinux : update problem
Daniel J Walsh
dwalsh at redhat.com
Thu Nov 3 13:31:25 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/03/2011 08:28 AM, Philippe Naudin wrote:
> Hello,
>
> After updating to CentOS-5.7, I have a (small) problem :
>
> The context of /dev/megadev0 is now defined (in
> /etc/selinux/targeted/contexts/files/file_contexts) as
> system_u:object_r:removable_device_t:s0.
>
> This cause smartmontools to fail : avc: denied { read write } for
> pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284
> scontext=system_u:system_r:fsdaemon_t:s0
> tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
>
> Changing the context (of megadev0) to fixed_disk_device_t solves
> the problem, but is this the best solution ?
>
> Thanks,
>
Should medadev0 be labeled as removable_device_t? This is usually the
label of cdrom/dvdrives drives.
grep removable_device_t
/etc/selinux/targeted/contexts/files/file_contexts
/dev/p[fg][0-3] -b system_u:object_r:removable_device_t:s0
/dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t:s0
/dev/pg[0-3] -c system_u:object_r:removable_device_t:s0
/dev/fd[^/]+ -b system_u:object_r:removable_device_t:s0
/dev/ub[a-z][^/]+ -b system_u:object_r:removable_device_t:s0
/dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t:s0
/dev/cdu.* -b system_u:object_r:removable_device_t:s0
/dev/pcd[0-3] -b system_u:object_r:removable_device_t:s0
/dev/mcdx? -b system_u:object_r:removable_device_t:s0
/dev/cm20.* -b system_u:object_r:removable_device_t:s0
/dev/sbpcd.* -b system_u:object_r:removable_device_t:s0
/dev/mmcblk.* -b system_u:object_r:removable_device_t:s0
/dev/mspblk.* -b system_u:object_r:removable_device_t:s0
/dev/megadev.* -c system_u:object_r:removable_device_t:s0
/dev/floppy/[^/]* -b system_u:object_r:removable_device_t:s0
/dev/sjcd -b system_u:object_r:removable_device_t:s0
/dev/gscd -b system_u:object_r:removable_device_t:s0
/dev/bpcd -b system_u:object_r:removable_device_t:s0
/dev/optcd -b system_u:object_r:removable_device_t:s0
/dev/hitcd -b system_u:object_r:removable_device_t:s0
/dev/aztcd -b system_u:object_r:removable_device_t:s0
/dev/sonycd -b system_u:object_r:removable_device_t:s0
/dev/hwcdrom -b system_u:object_r:removable_device_t:s0
/dev/usb/rio500 -c system_u:object_r:removable_device_t:s0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6yl60ACgkQrlYvE4MpobOcFQCg6kShMQVeb26wX7vQdBLhBJrW
RsAAnjbJQnsaBVk2ACmKWqKveZbV4/ml
=XeFd
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list