View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0016645 | CentOS-7 | selinux-policy | public | 2019-10-24 06:29 | 2019-10-24 06:29 |
| Reporter | bugs.centos.org@elger.org | ||||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Platform | OS | OS Version | 7 | ||
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| Summary | 0016645: SELinux is preventing /usr/sbin/smartd from 'ioctl' accesses on the chr_file /dev/nvme0. | ||||
| Description | Description of problem: If you install smartmontools then (periodically) smartd wants to access your blockdevices This generates a SELinux Alert SELinux is preventing /usr/sbin/smartd from 'ioctl' accesses on the chr_file /dev/nvme0. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that smartd should be allowed ioctl access on the nvme0 chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'smartd' --raw | audit2allow -M my-smartd # semodule -i my-smartd.pp Additional Information: Source Context system_u:system_r:fsdaemon_t:s0 Target Context system_u:object_r:nvme_device_t:s0 Target Objects /dev/nvme0 [ chr_file ] Source smartd Source Path /usr/sbin/smartd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-252.el7.1.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.0-1062.1.2.el7.x86_64 #1 SMP Mon Sep 30 14:19:46 UTC 2019 x86_64 x86_64 Alert Count 319 First Seen 2019-10-07 08:39:04 CEST Last Seen 2019-10-24 08:16:00 CEST Local ID bbbe8cc7-e933-4860-9024-0880541fbd7b Raw Audit Messages type=AVC msg=audit(1571897760.413:455): avc: denied { ioctl } for pid=1564 comm="smartd" path="/dev/nvme0" dev="devtmpfs" ino=8080 ioctlcmd=4e41 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1 Hash: smartd,fsdaemon_t,nvme_device_t,chr_file,ioctl Version-Release number of selected component: selinux-policy-3.13.1-252.el7.1.noarch | ||||
| Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1062.1.2.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
| Tags | No tags attached. | ||||
| abrt_hash | 621a5b014dc85f0717fdc35e7c91c406509f971c31121803ed6ff1dc71e9439c | ||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-10-24 06:29 | bugs.centos.org@elger.org | New Issue |
