H On Dec 17, 2015 05:55, Lukas Vrabec <lvrabec@xxxxxxxxxx> wrote: > > Hi, > > Mdadm tool trying to read file in efivarfs partition. > Are you using UEFI secure boot? Yes > We have some reported bugs for this issue[1][2]. I would say we should > allow this. > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1287203 > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1276519 I do not know the syntax as audit2allow does not suggest anything for this AVC. > > Regards, > Lukas. > > On 12/17/2015 01:32 PM, David Highley wrote: > > Any idea what is causing these AVCs? > > > > time->Wed Dec 16 03:27:02 2015 > > type=AVC msg=audit(1450265222.013:16754): avc: denied { read } for pid=10738 comm="mdadm" name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs" ino=1180 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0 > > -- > > selinux mailing list > > selinux@xxxxxxxxxxxxxxxxxxxxxxx > > http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx > > -- > Lukas Vrabec > SELinux Solutions > Red Hat, Inc. > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
