Hi all,
i have some problems with selinux context about /dev/twe*
I get these messages:
Aug 28 08:41:19 w3host kernel: audit(1188283279.352:167): avc: denied
{ getattr } for pid=2512 comm="smartd" name="twe0" dev=tmpfs ino=10268
scontext=system_u:system_r:fsdaem
on_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Aug 28 08:41:19 w3host kernel: audit(1188283279.388:168): avc: denied
{ read } for pid=2512 comm="smartd" name="twe0" dev=tmpfs ino=10268
scontext=system_u:system_r:fsdaemon_
t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Aug 28 08:41:19 w3host kernel: audit(1188283279.445:169): avc: denied
{ ioctl } for pid=2512 comm="smartd" name="twe0" dev=tmpfs ino=10268
scontext=system_u:system_r:fsdaemon
_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
I know that /dev/twe* must have fixed_disk_device_t context.
When i fix it with chcon -t fixed_disk_device_t /dev/twe* the avc stop
to audit for this. Everything works ok. When i restarted the system, the
context changed to device_t again. I wrote in rc.local the command to
change cotentext, but it returned me "no such file or directory". I know
that twe* devices are created automatically on boot, so let's say that
this is no problem. I decided to use semanage to add rule for /dev/twe*
like this:
/usr/sbin/semanage fcontext -a -f -c -t fixed_disk_device_t "/dev/twe*"
After reboot, the result was the same, the context is device_t :(
When i used restorecon command:
/sbin/restorecon /dev/twe*
it changed the context to fixed_disk_device_t
So the questions are:
1. Where i make mistake
2. What can i do to fix this problem ?
Regards, Ali Nebi!
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
