FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 11-03-2011, 11:28 AM
Philippe Naudin
 
Default CentOS-5.7 + megaraid + SELinux : update problem

Hello,

After updating to CentOS-5.7, I have a (small) problem :

The context of /dev/megadev0 is now defined
(in /etc/selinux/targeted/contexts/files/file_contexts) as
system_ubject_r:removable_device_t:s0.

This cause smartmontools to fail :
avc: denied { read write } for pid=2847 comm="smartd"
name="megadev0" dev=tmpfs ino=8284
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_ubject_r:removable_device_t:s0 tclass=chr_file

Changing the context (of megadev0) to fixed_disk_device_t solves the
problem, but is this the best solution ?

Thanks,

--
Philippe Naudin
UMR MISTEA : Mathématiques, Informatique et STatistique pour
l'Environnement et l'Agronomie
INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2
tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: naudin@supagro.inra.fr
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-03-2011, 12:31 PM
Daniel J Walsh
 
Default CentOS-5.7 + megaraid + SELinux : update problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/03/2011 08:28 AM, Philippe Naudin wrote:
> Hello,
>
> After updating to CentOS-5.7, I have a (small) problem :
>
> The context of /dev/megadev0 is now defined (in
> /etc/selinux/targeted/contexts/files/file_contexts) as
> system_ubject_r:removable_device_t:s0.
>
> This cause smartmontools to fail : avc: denied { read write } for
> pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284
> scontext=system_u:system_r:fsdaemon_t:s0
> tcontext=system_ubject_r:removable_device_t:s0 tclass=chr_file
>
> Changing the context (of megadev0) to fixed_disk_device_t solves
> the problem, but is this the best solution ?
>
> Thanks,
>
Should medadev0 be labeled as removable_device_t? This is usually the
label of cdrom/dvdrives drives.


grep removable_device_t
/etc/selinux/targeted/contexts/files/file_contexts
/dev/p[fg][0-3] -b system_ubject_r:removable_device_t:s0
/dev/s(cd|r)[^/]* -b system_ubject_r:removable_device_t:s0
/dev/pg[0-3] -c system_ubject_r:removable_device_t:s0
/dev/fd[^/]+ -b system_ubject_r:removable_device_t:s0
/dev/ub[a-z][^/]+ -b system_ubject_r:removable_device_t:s0
/dev/pd[a-d][^/]* -b system_ubject_r:removable_device_t:s0
/dev/cdu.* -b system_ubject_r:removable_device_t:s0
/dev/pcd[0-3] -b system_ubject_r:removable_device_t:s0
/dev/mcdx? -b system_ubject_r:removable_device_t:s0
/dev/cm20.* -b system_ubject_r:removable_device_t:s0
/dev/sbpcd.* -b system_ubject_r:removable_device_t:s0
/dev/mmcblk.* -b system_ubject_r:removable_device_t:s0
/dev/mspblk.* -b system_ubject_r:removable_device_t:s0
/dev/megadev.* -c system_ubject_r:removable_device_t:s0
/dev/floppy/[^/]* -b system_ubject_r:removable_device_t:s0
/dev/sjcd -b system_ubject_r:removable_device_t:s0
/dev/gscd -b system_ubject_r:removable_device_t:s0
/dev/bpcd -b system_ubject_r:removable_device_t:s0
/dev/optcd -b system_ubject_r:removable_device_t:s0
/dev/hitcd -b system_ubject_r:removable_device_t:s0
/dev/aztcd -b system_ubject_r:removable_device_t:s0
/dev/sonycd -b system_ubject_r:removable_device_t:s0
/dev/hwcdrom -b system_ubject_r:removable_device_t:s0
/dev/usb/rio500 -c system_ubject_r:removable_device_t:s0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6yl60ACgkQrlYvE4MpobOcFQCg6kShMQVeb2 6wX7vQdBLhBJrW
RsAAnjbJQnsaBVk2ACmKWqKveZbV4/ml
=XeFd
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:22 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org