Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined (in /etc/selinux/targeted/contexts/files/file_contexts) as system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail : avc: denied { read write } for pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Changing the context (of megadev0) to fixed_disk_device_t solves the problem, but is this the best solution ?
Thanks,
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/03/2011 08:28 AM, Philippe Naudin wrote:
Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined (in /etc/selinux/targeted/contexts/files/file_contexts) as system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail : avc: denied { read write } for pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Changing the context (of megadev0) to fixed_disk_device_t solves the problem, but is this the best solution ?
Thanks,
Should medadev0 be labeled as removable_device_t? This is usually the label of cdrom/dvdrives drives.
grep removable_device_t /etc/selinux/targeted/contexts/files/file_contexts /dev/p[fg][0-3] -b system_u:object_r:removable_device_t:s0 /dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t:s0 /dev/pg[0-3] -c system_u:object_r:removable_device_t:s0 /dev/fd[^/]+ -b system_u:object_r:removable_device_t:s0 /dev/ub[a-z][^/]+ -b system_u:object_r:removable_device_t:s0 /dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t:s0 /dev/cdu.* -b system_u:object_r:removable_device_t:s0 /dev/pcd[0-3] -b system_u:object_r:removable_device_t:s0 /dev/mcdx? -b system_u:object_r:removable_device_t:s0 /dev/cm20.* -b system_u:object_r:removable_device_t:s0 /dev/sbpcd.* -b system_u:object_r:removable_device_t:s0 /dev/mmcblk.* -b system_u:object_r:removable_device_t:s0 /dev/mspblk.* -b system_u:object_r:removable_device_t:s0 /dev/megadev.* -c system_u:object_r:removable_device_t:s0 /dev/floppy/[^/]* -b system_u:object_r:removable_device_t:s0 /dev/sjcd -b system_u:object_r:removable_device_t:s0 /dev/gscd -b system_u:object_r:removable_device_t:s0 /dev/bpcd -b system_u:object_r:removable_device_t:s0 /dev/optcd -b system_u:object_r:removable_device_t:s0 /dev/hitcd -b system_u:object_r:removable_device_t:s0 /dev/aztcd -b system_u:object_r:removable_device_t:s0 /dev/sonycd -b system_u:object_r:removable_device_t:s0 /dev/hwcdrom -b system_u:object_r:removable_device_t:s0 /dev/usb/rio500 -c system_u:object_r:removable_device_t:s0
-
Daniel J Walsh -
Philippe Naudin