View Issue Details

IDProjectCategoryView StatusLast Update
0014821CentOS-7OpenIPMIpublic2018-05-16 12:16
Reporterxhejtman 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version7.5.1804 
Target VersionFixed in Version 
Summary0014821: Wrong security context on /dev/watchdog and /usr/libexec/openipmi-helper
DescriptionIf /dev/watchdog is not created by /usr/libexec/openipmi-helper script but some module, e.g. hpwdt, than it has security context watchdog_device_t. Suppose it is due to:
grep watchdog /etc/selinux/targeted/active/file_contexts
/dev/watchdog.* -c system_u:object_r:watchdog_device_t:s0

policy. However, /usr/libexec/openipmi-helper script has different context - ipmievd_exec_t, which results in fail in helper script as it thinks there is no /dev/watchdog node while there is.

Unfortunately, this test: if [ ${UDEV_EXISTS} -eq 0 -a ! -e /dev/watchdog ]; fails if /dev/watchdog exists but script has no access to it.

This has changed as of 7.5 version. It worked in 7.4.
TagsNo tags attached.
abrt_hash
URL

Activities

TrevorH

TrevorH

2018-05-16 12:13

developer   ~0031845

This sounds like a bug that will have been inherited from upstream so you also need to report this on bugzilla.redhat.com in order to get it fixed. CentOS rebuilds the RHEL sources unmodified except for debranding so to get an issue fixed that comes from RHEL, you have to get it fixed in RHEL first.
xhejtman

xhejtman

2018-05-16 12:16

reporter   ~0031846

https://bugzilla.redhat.com/show_bug.cgi?id=1578796 reported

Issue History

Date Modified Username Field Change
2018-05-16 11:59 xhejtman New Issue
2018-05-16 12:13 TrevorH Note Added: 0031845
2018-05-16 12:16 xhejtman Note Added: 0031846