"Daniel J Walsh wrote:" > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/19/2013 11:36 PM, David Highley wrote: > > We are seeing a previously fixed issue reoccurring that the device entries, > > /dev/tw??, are not getting labeled at boot time so smartd is getting > > blocked. Current policy is: selinux-policy-targeted-3.11.1-91.fc18.noarch > > > > Started with the previous version. -- selinux mailing list > > selinux@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > What exact devices. The way this works can be racy. The kernel creates a > device and udev notices the device and relabels it. If smartd notices the > device before udev fixes it, we can generate an AVC. We might be able to use > named filetrans, but it can only handle exact matches. If the device number is > big and random, we have to go back to the race condition where udev fixes the > label. Currently we do not have named file trans for any tw devices. They are /dev/tw0 to /dev/twa15. Since we are able to do a restorecon it is more likely the race condition and that smartd is getting started too early by systemd. We will submit a bug report against smartd as the probably need to modify the smartd.service file to had some wait coordination. Boot and install times are great. Won't boar all of you with the multi hour conference room login experience I had last week at work due to IT management of systems and Windows:-) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.13 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlFybVwACgkQrlYvE4MpobMfEQCfa3NWbRg9Nxvo4/qF1PoTzHuB > +F4AnA8cY+r4l45atlQ8yzNBWFKsUg5H > =j4jD > -----END PGP SIGNATURE----- > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux