[CentOS] CentOS-5.7 + megaraid + SELinux : update problem

Thu Nov 3 13:31:25 UTC 2011
Daniel J Walsh <dwalsh at redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/03/2011 08:28 AM, Philippe Naudin wrote:
> Hello,
> 
> After updating to CentOS-5.7, I have a (small) problem :
> 
> The context of /dev/megadev0 is now defined (in
> /etc/selinux/targeted/contexts/files/file_contexts) as 
> system_u:object_r:removable_device_t:s0.
> 
> This cause smartmontools to fail : avc:  denied  { read write } for
> pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284 
> scontext=system_u:system_r:fsdaemon_t:s0 
> tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
> 
> Changing the context (of megadev0) to fixed_disk_device_t solves
> the problem, but is this the best solution ?
> 
> Thanks,
> 
Should medadev0 be labeled as removable_device_t?  This is usually the
label of cdrom/dvdrives drives.


 grep removable_device_t
/etc/selinux/targeted/contexts/files/file_contexts
/dev/p[fg][0-3]	-b	system_u:object_r:removable_device_t:s0
/dev/s(cd|r)[^/]*	-b	system_u:object_r:removable_device_t:s0
/dev/pg[0-3]	-c	system_u:object_r:removable_device_t:s0
/dev/fd[^/]+	-b	system_u:object_r:removable_device_t:s0
/dev/ub[a-z][^/]+	-b	system_u:object_r:removable_device_t:s0
/dev/pd[a-d][^/]*	-b	system_u:object_r:removable_device_t:s0
/dev/cdu.*	-b	system_u:object_r:removable_device_t:s0
/dev/pcd[0-3]	-b	system_u:object_r:removable_device_t:s0
/dev/mcdx?	-b	system_u:object_r:removable_device_t:s0
/dev/cm20.*	-b	system_u:object_r:removable_device_t:s0
/dev/sbpcd.*	-b	system_u:object_r:removable_device_t:s0
/dev/mmcblk.*	-b	system_u:object_r:removable_device_t:s0
/dev/mspblk.*	-b	system_u:object_r:removable_device_t:s0
/dev/megadev.*	-c	system_u:object_r:removable_device_t:s0
/dev/floppy/[^/]*	-b	system_u:object_r:removable_device_t:s0
/dev/sjcd	-b	system_u:object_r:removable_device_t:s0
/dev/gscd	-b	system_u:object_r:removable_device_t:s0
/dev/bpcd	-b	system_u:object_r:removable_device_t:s0
/dev/optcd	-b	system_u:object_r:removable_device_t:s0
/dev/hitcd	-b	system_u:object_r:removable_device_t:s0
/dev/aztcd	-b	system_u:object_r:removable_device_t:s0
/dev/sonycd	-b	system_u:object_r:removable_device_t:s0
/dev/hwcdrom	-b	system_u:object_r:removable_device_t:s0
/dev/usb/rio500	-c	system_u:object_r:removable_device_t:s0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6yl60ACgkQrlYvE4MpobOcFQCg6kShMQVeb26wX7vQdBLhBJrW
RsAAnjbJQnsaBVk2ACmKWqKveZbV4/ml
=XeFd
-----END PGP SIGNATURE-----