I added changes. It will be allowed in next versions of selinux-policy
package.
On 12/17/2015 03:37 PM, David Highley wrote:
H
On Dec 17, 2015 05:55, Lukas Vrabec <lvrabec@xxxxxxxxxx> wrote:
Hi,
Mdadm tool trying to read file in efivarfs partition.
Are you using UEFI secure boot?
Yes
We have some reported bugs for this issue[1][2]. I would say we should
allow this.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1287203
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1276519
I do not know the syntax as audit2allow does not suggest anything for this AVC.
Regards,
Lukas.
On 12/17/2015 01:32 PM, David Highley wrote:
Any idea what is causing these AVCs?
time->Wed Dec 16 03:27:02 2015
type=AVC msg=audit(1450265222.013:16754): avc: denied { read } for pid=10738 comm="mdadm" name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs" ino=1180 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx