Greetings,

I tried the following:

  lvm vgs -o vg_name,vg_extent_size --units=k | cat > /tmp/vgs2
  lvm vgs -o vg_name,vg_extent_size --units=k > /tmp/vgs1

and obtained

  -rw-r--r-- 1 root root 0 Apr 15 11:49 /tmp/vgs1
  -rw-r--r-- 1 root root 28 Apr 15 11:49 /tmp/vgs2

but as you can see in the attached /var/log/audit.d/audit.log fragment, writing from an executable running in the lvm_t context to an object labeled with the tmp_t context is not allowed by the targeted policy.

My setup:

  libselinux-1.33.4-2.fc6
  selinux-policy-targeted-2.4.6-49.fc6
  selinux-policy-2.4.6-49.fc6

Should I open a Bugzilla for this?

Thank you for your consideration,
Davide Bolcioni
--
There is no place like /home.

type=USER_ACCT msg=audit(1171320301.650:41): user pid=6201 uid=0 auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: accounting acct=news : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=LOGIN msg=audit(1171320301.651:42): login pid=6201 uid=0 old auid=4294967295 new auid=9
type=USER_START msg=audit(1171320301.656:43): user pid=6201 uid=0 auid=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: session open acct=news : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=CRED_ACQ msg=audit(1171320301.656:44): user pid=6201 uid=0 auid=9 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='PAM: setcred acct=news : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
type=AVC msg=audit(1176630582.797:103): avc: denied { write } for pid=6201 comm="lvm" name="vgs1" dev=tmpfs ino=33551 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1176630582.797:103): arch=c000003e syscall=59 success=yes exit=0 a0=8eaa80 a1=8d61b0 a2=8f4300 a3=6d items=0 ppid=5575 pid=6201 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm" exe="/sbin/lvm.static" subj=user_u:system_r:lvm_t:s0 key=(null)
type=AVC msg=audit(1176630585.345:104): avc: denied { write } for pid=6201 comm="lvm" name=".cache" dev=dm-1 ino=1933743 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1176630585.345:104): arch=c000003e syscall=2 success=no exit=-13 a0=89da10 a1=42 a2=1ff a3=1 items=0 ppid=5575 pid=6201 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="lvm" exe="/usr/sbin/lvm" subj=user_u:system_r:lvm_t:s0 key=(null)
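
An added example, not part of the original post or its attachment: a Python sketch that pairs each AVC denial in the log fragment with the SYSCALL record carrying the same audit serial, so the denied access can be read next to the system call that triggered it. The `summarize` function, its output field names and the two-entry x86_64 syscall table are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: the two AVC/SYSCALL pairs from the attachment, SYSCALL records abridged.
SAMPLE = """\
type=AVC msg=audit(1176630582.797:103): avc: denied { write } for pid=6201 comm="lvm" name="vgs1" dev=tmpfs ino=33551 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1176630582.797:103): arch=c000003e syscall=59 success=yes exit=0 pid=6201 comm="lvm" exe="/sbin/lvm.static" subj=user_u:system_r:lvm_t:s0 key=(null)
type=AVC msg=audit(1176630585.345:104): avc: denied { write } for pid=6201 comm="lvm" name=".cache" dev=dm-1 ino=1933743 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1176630585.345:104): arch=c000003e syscall=2 success=no exit=-13 pid=6201 comm="lvm" exe="/usr/sbin/lvm" subj=user_u:system_r:lvm_t:s0 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
SYSCALLS_X86_64 = {"2": "open", "59": "execve"}  # only the numbers in this sample


def summarize(log_text):
    """Join each AVC denial to the SYSCALL record sharing its audit serial."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        rtype, serial = head.group(1), int(head.group(2))
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        if rtype == "AVC" and PERMS.search(line):
            fields["perms"] = PERMS.search(line).group(1).split()
        events[serial][rtype] = fields
    report = []
    for serial in sorted(events):
        avc, sc = events[serial].get("AVC"), events[serial].get("SYSCALL", {})
        if not avc or "perms" not in avc:
            continue  # no denial recorded under this serial
        src, tgt = (avc[k].split(":")[2] for k in ("scontext", "tcontext"))
        report.append({
            "serial": serial, "source": src, "target": tgt, "name": avc.get("name"),
            "syscall": SYSCALLS_X86_64.get(sc.get("syscall"), sc.get("syscall")),
            "succeeded": sc.get("success") == "yes",
            # Policy-language form of the denied access, for review only.
            "rule": f"allow {src} {tgt}:{avc['tclass']} {{ {' '.join(avc['perms'])} }};",
        })
    return report


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On this fragment the denial for `vgs1` is attached to an `execve` that succeeded, while the denial for `.cache` is attached to an `open` that failed with exit=-13.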