View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0016410 | CentOS-7 | selinux-policy | public | 2019-09-18 08:49 | 2020-05-04 07:15 |
| Reporter | TuxHandwerker | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| OS Version | 7 | ||||
| Summary | 0016410: SELinux is preventing /usr/sbin/smartd from 'read' accesses on the chr_file nvme0. | ||||
| Description | Description of problem: Update to CentOS 7.7 SELinux is preventing /usr/sbin/smartd from 'read' accesses on the chr_file nvme0. ***** Plugin catchall (100. confidence) suggests ************************** Wenn Sie denken, dass es smartd standardmäßig erlaubt sein sollte, read Zugriff auf nvme0 chr_file zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'smartd' --raw | audit2allow -M my-smartd # semodule -i my-smartd.pp Additional Information: Source Context system_u:system_r:fsdaemon_t:s0 Target Context system_u:object_r:nvme_device_t:s0 Target Objects nvme0 [ chr_file ] Source smartd Source Path /usr/sbin/smartd Port <Unknown> Host (removed) Source RPM Packages smartmontools-7.0-1.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-252.el7.1.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-1062.1.1.el7.x86_64 #1 SMP Fri Sep 13 22:55:44 UTC 2019 x86_64 x86_64 Alert Count 8 First Seen 2019-09-18 08:53:07 CEST Last Seen 2019-09-18 10:02:12 CEST Local ID 8902e268-6c0b-4a65-be8c-a46172186e44 Raw Audit Messages type=AVC msg=audit(1568793732.625:11): avc: denied { read } for pid=2185 comm="smartd" name="nvme0" dev="devtmpfs" ino=1404 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=0 type=SYSCALL msg=audit(1568793732.625:11): arch=x86_64 syscall=open success=no exit=EACCES a0=562bf8e9dbc8 a1=800 a2=0 a3=562bf795add0 items=0 ppid=1 pid=2185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=smartd exe=/usr/sbin/smartd subj=system_u:system_r:fsdaemon_t:s0 key=(null) Hash: smartd,fsdaemon_t,nvme_device_t,chr_file,read Version-Release number of selected component: selinux-policy-3.13.1-252.el7.1.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1062.1.1.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 0b597acc808ce3fc5bb3345c940a598b80e253c0853c81ccd1e1bd7cfa0535ee | ||||
| URL | |||||
 |
Another user experienced a similar problem: Not sure reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1127.el7.x86_64 package: selinux-policy-3.13.1-266.el7.noarch reason: SELinux is preventing /usr/sbin/smartd from 'read' accesses on the chr_file nvme0. reproducible: Not sure how to reproduce the problem type: libreport |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-09-18 08:49 | TuxHandwerker | New Issue | |
| 2020-05-04 07:15 | Jonathan Reznik | Note Added: 0036861 |
