View Issue Details

IDProjectCategoryView StatusLast Update
0016410CentOS-7selinux-policypublic2019-09-18 08:49
ReporterTuxHandwerker 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016410: SELinux is preventing /usr/sbin/smartd from 'read' accesses on the chr_file nvme0.
DescriptionDescription of problem:
Update to CentOS 7.7
SELinux is preventing /usr/sbin/smartd from 'read' accesses on the chr_file nvme0.

***** Plugin catchall (100. confidence) suggests **************************

Wenn Sie denken, dass es smartd standardmäßig erlaubt sein sollte, read Zugriff auf nvme0 chr_file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
allow this access for now by executing:
# ausearch -c 'smartd' --raw | audit2allow -M my-smartd
# semodule -i my-smartd.pp

Additional Information:
Source Context system_u:system_r:fsdaemon_t:s0
Target Context system_u:object_r:nvme_device_t:s0
Target Objects nvme0 [ chr_file ]
Source smartd
Source Path /usr/sbin/smartd
Port <Unknown>
Host (removed)
Source RPM Packages smartmontools-7.0-1.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-252.el7.1.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-1062.1.1.el7.x86_64 #1 SMP
                              Fri Sep 13 22:55:44 UTC 2019 x86_64 x86_64
Alert Count 8
First Seen 2019-09-18 08:53:07 CEST
Last Seen 2019-09-18 10:02:12 CEST
Local ID 8902e268-6c0b-4a65-be8c-a46172186e44

Raw Audit Messages
type=AVC msg=audit(1568793732.625:11): avc: denied { read } for pid=2185 comm="smartd" name="nvme0" dev="devtmpfs" ino=1404 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=0


type=SYSCALL msg=audit(1568793732.625:11): arch=x86_64 syscall=open success=no exit=EACCES a0=562bf8e9dbc8 a1=800 a2=0 a3=562bf795add0 items=0 ppid=1 pid=2185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=smartd exe=/usr/sbin/smartd subj=system_u:system_r:fsdaemon_t:s0 key=(null)

Hash: smartd,fsdaemon_t,nvme_device_t,chr_file,read

Version-Release number of selected component:
selinux-policy-3.13.1-252.el7.1.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-1062.1.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash0b597acc808ce3fc5bb3345c940a598b80e253c0853c81ccd1e1bd7cfa0535ee
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-09-18 08:49 TuxHandwerker New Issue