SPM
2007-03-09, 03:09 PM CST
I have SELinux running in enforcing mode on FC6.
I get an SELinux access denial when I try to run the Logical Volume Manager GUI config tool (system-config-lvm 1.0.18) from System >> Administration >> Logical Volume Management.
I get the same problem running /usr/sbin/vgs and /usr/sbin/vgdisplay off the command line.
( LVM version: 2.02.17 (2006-12-14)
Library version: 1.02.13 (2006-11-28)
Driver version: 4.10.0 )
Here is the setroubleshooter report:
-----------------------------------------------------------------------------------------------------------------------
Summary
SELinux is preventing /usr/sbin/lvm (lvm_t) "write" to .cache (lvm_etc_t).
Detailed Description
SELinux denied access requested by /usr/sbin/lvm. It is not expected that this access is required by /usr/sbin/lvm and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for .cache, restorecon -v .cache If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.
Additional Information
Source Context: user_u:system_r:lvm_t
Target Context: system_u:object_r:lvm_etc_t
Target Objects: .cache [ file ]
Affected RPM Packages: lvm2-2.02.17-1.fc6 [application]
Policy RPM: selinux-policy-2.4.6-41.fc6
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.catchall_file
Host Name: puppet
Platform: Linux puppet 2.6.19-1.2911.6.4.fc6 #1 SMP Sat Feb 24 14:39:04 EST 2007 i686 athlon
Alert Count: 15
Line Numbers:
Raw Audit Messages :
avc: denied { write } for comm="vgdisplay" dev=hda1 egid=0 euid=0 exe="/usr/sbin/lvm" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=".cache" pid=28274 scontext=user_u:system_r:lvm_t:s0 sgid=0 subj=user_u:system_r:lvm_t:s0 suid=0 tclass=file tcontext=system_u:object_r:lvm_etc_t:s0 tty=pts1 uid=0
---------------------------------------------------------------------------------------------------------------------
Should I file a bug report on this?
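The raw audit message in the report above carries everything needed to see what a local policy module would have to allow. The following is an added example, not part of the original post: it parses that AVC record and derives the matching type-enforcement rule, in the form a tool such as audit2allow proposes. The function names `parse_avc`, `context_type` and `te_rule` are hypothetical.

```python
import re

# Raw audit message copied from the setroubleshoot report in the post.
AVC = (
    'avc: denied { write } for comm="vgdisplay" dev=hda1 egid=0 euid=0 '
    'exe="/usr/sbin/lvm" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=".cache" '
    'pid=28274 scontext=user_u:system_r:lvm_t:s0 sgid=0 '
    'subj=user_u:system_r:lvm_t:s0 suid=0 tclass=file '
    'tcontext=system_u:object_r:lvm_etc_t:s0 tty=pts1 uid=0'
)

def parse_avc(line):
    """Split an AVC record into result, permission list and key=value fields."""
    m = re.search(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError('not an AVC record')
    fields = {k: v.strip('"') for k, v in
              re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))}
    fields['result'] = m.group(1)
    fields['perms'] = m.group(2).split()
    return fields

def context_type(context):
    """Return the type from user:role:type[:level]; type enforcement keys on it."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('malformed context: ' + context)
    return parts[2]

def te_rule(avc):
    """Build the allow rule a local policy module would need for this denial."""
    perms = avc['perms']
    perm = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        context_type(avc['scontext']), context_type(avc['tcontext']),
        avc['tclass'], perm)

if __name__ == '__main__':
    avc = parse_avc(AVC)
    print(avc['comm'], avc['exe'], avc['name'])
    print(te_rule(avc))
```

The derived rule applies to every process running as `lvm_t` and every file labeled `lvm_etc_t`, not only to `.cache`, so it is worth reviewing against the labeling fix the report suggests before loading it as a module.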