On Sun, 2005-10-30 at 11:11 +0200, Felipe Alfaro Solana wrote:
> Hello,
>
> I'm running Fedora Core Rawhide and I'm seeing lots of SELinux AVCs
> during boot, related to my swap stored in an LVM volume:
>
> audit(1130670344.636:4): avc: denied { read } for pid=919
> comm="restorecon" name="VolGroup00-Swap" dev=tmpfs ino=653
> scontext=system_u:system_r:restorecon_t:s0
> tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
>
> audit(1130670345.668:5): avc: denied { use } for pid=932
> comm="fsck" name="VolGroup00-Swap" dev=tmpfs ino=653
> scontext=system_u:system_r:fsadm_t:s0
> tcontext=system_u:system_r:kernel_t:s0 tclass=fd

This implies that a process that ran before the initial policy load by
/sbin/init (hence a "kernel_t" file descriptor) opened the device (hence
a "fixed_disk_device_t" block device file) and failed to ever close it
(or mark it close-on-exec), thereby leaking it to all descendants.

Already bugzilla'd:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165912

Dan, James - looks like this could just be a bug in lvm? Should be filed
against it?

--
Stephen Smalley
National Security Agency
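The reading of the two denials given in the reply above can be automated when triaging boot-time AVCs. The following is an added example, not part of the original thread or of any SELinux tool: it parses the two records quoted in the message and reports inherited-descriptor denials together with other denials on the same inode. The names `parse_avc` and `find_leaked_fds` are hypothetical, and it assumes each record has been rejoined onto one line.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the message, rejoined onto single lines.
SAMPLE_LOG = """\
audit(1130670344.636:4): avc: denied { read } for pid=919 comm="restorecon" name="VolGroup00-Swap" dev=tmpfs ino=653 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1130670345.668:5): avc: denied { use } for pid=932 comm="fsck" name="VolGroup00-Swap" dev=tmpfs ino=653 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one AVC denial as a dict, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:level]; field 2 is the type.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec


def find_leaked_fds(log_text):
    """Group denials by (dev, ino) and report inherited-descriptor denials."""
    by_object = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and "ino" in rec:
            by_object[(rec.get("dev"), rec["ino"])].append(rec)
    findings = []
    for recs in by_object.values():
        for rec in recs:
            # tclass=fd with { use }: tcontext labels the descriptor with the
            # domain that opened it; scontext is the domain that inherited it.
            if rec["tclass"] == "fd" and "use" in rec["perms"]:
                others = sorted((r["source_type"], r["tclass"]) for r in recs if r is not rec)
                findings.append({
                    "object": rec.get("name"), "ino": rec["ino"], "comm": rec.get("comm"),
                    "opened_by": rec["target_type"], "inherited_by": rec["source_type"],
                    "other_denials": others,
                })
    return findings
```

A finding whose `opened_by` is `kernel_t` matches the case described in the reply: the descriptor was opened before the initial policy load and was never closed or marked close-on-exec.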