Re: Still getting an AVC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

"Lukas Vrabec wrote:"
> 
> On 01/18/2016 01:52 PM, David Highley wrote:
> > "Miroslav Grepl wrote:"
> >>
> >> On 01/16/2016 04:48 AM, David Highley wrote:
> >>> We had previously posted about this AVC and understood in a reply that
> >>> it was fixed in the next update but we're still seeing it once a day.
> >>
> >> What is your output of
> >>
> >> $ rpm -q selinux-policy-targeted
> >>
> >> $ sesearch -A -s mdadm_t -t efivarfs_t
> >
> > This is a fedora 23 host.
> > selinux-policy-targeted-3.13.1-158.fc23.noarch
> > Found 3 semantic av rules:
> >     allow mdadm_t file_type : filesystem getattr ;
> >     allow mdadm_t filesystem_type : filesystem getattr ;
> >     allow mdadm_t efivarfs_t : dir search ;
> >
> >>
> 
> 
> #dnf update selinux-policy --enablerepo=updates-testing
> 
> 
> This should fix your issue.

Confirmed the issue is fixed.

> 
> >> ?
> >>>
> >>> time->Fri Jan 15 03:22:01 2016
> >>> type=AVC msg=audit(1452856921.601:1934): avc:  denied  { read } for
> >>> pid=6439 comm="mdadm"
> >>> name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs"
> >>> ino=126 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023
> >>> tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0
> >>>
> >>> It had been said that it was related to the secure boot process but all
> >>> of our systems use that and only one system is reporting this AVC.
> >>> --
> >>> selinux mailing list
> >>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> >>> http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> >>>
> >>
> >>
> >> --
> >> Miroslav Grepl
> >> Senior Software Engineer, SELinux Solutions
> >> Red Hat, Inc.
> >>
> > --
> > selinux mailing list
> > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> >
> 
> 
> -- 
> Lukas Vrabec
> SELinux Solutions
> Red Hat, Inc.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> 
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux