[CentOS] CentOS-5.7 + megaraid + SELinux : update problem
Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined
(in /etc/selinux/targeted/contexts/files/file_contexts) as
system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail :
avc: denied { read write } for pid=2847 comm=smartd
name=megadev0 dev=tmpfs ino=8284
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Changing the context (of megadev0) to fixed_disk_device_t solves the
problem, but is this the best solution ?
Thanks,
--
Philippe Naudin
UMR MISTEA : Mathématiques, Informatique et STatistique pour
l'Environnement et l'Agronomie
INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2
tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS-5.7 + megaraid + SELinux : update problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/03/2011 08:28 AM, Philippe Naudin wrote:
Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined (in
/etc/selinux/targeted/contexts/files/file_contexts) as
system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail : avc: denied { read write } for
pid=2847 comm=smartd name=megadev0 dev=tmpfs ino=8284
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Changing the context (of megadev0) to fixed_disk_device_t solves
the problem, but is this the best solution ?
Thanks,
Should medadev0 be labeled as removable_device_t? This is usually the
label of cdrom/dvdrives drives.
grep removable_device_t
/etc/selinux/targeted/contexts/files/file_contexts
/dev/p[fg][0-3] -b system_u:object_r:removable_device_t:s0
/dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t:s0
/dev/pg[0-3]-c system_u:object_r:removable_device_t:s0
/dev/fd[^/]+-b system_u:object_r:removable_device_t:s0
/dev/ub[a-z][^/]+ -b system_u:object_r:removable_device_t:s0
/dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t:s0
/dev/cdu.* -b system_u:object_r:removable_device_t:s0
/dev/pcd[0-3] -b system_u:object_r:removable_device_t:s0
/dev/mcdx? -b system_u:object_r:removable_device_t:s0
/dev/cm20.* -b system_u:object_r:removable_device_t:s0
/dev/sbpcd.*-b system_u:object_r:removable_device_t:s0
/dev/mmcblk.* -b system_u:object_r:removable_device_t:s0
/dev/mspblk.* -b system_u:object_r:removable_device_t:s0
/dev/megadev.* -c system_u:object_r:removable_device_t:s0
/dev/floppy/[^/]* -b system_u:object_r:removable_device_t:s0
/dev/sjcd -b system_u:object_r:removable_device_t:s0
/dev/gscd -b system_u:object_r:removable_device_t:s0
/dev/bpcd -b system_u:object_r:removable_device_t:s0
/dev/optcd -b system_u:object_r:removable_device_t:s0
/dev/hitcd -b system_u:object_r:removable_device_t:s0
/dev/aztcd -b system_u:object_r:removable_device_t:s0
/dev/sonycd -b system_u:object_r:removable_device_t:s0
/dev/hwcdrom-b system_u:object_r:removable_device_t:s0
/dev/usb/rio500 -c system_u:object_r:removable_device_t:s0
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6yl60ACgkQrlYvE4MpobOcFQCg6kShMQVeb26wX7vQdBLhBJrW
RsAAnjbJQnsaBVk2ACmKWqKveZbV4/ml
=XeFd
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
