On 05/23/2016 03:34 PM, m.roth(a)5-cent.us wrote:
CentOS 7, updated.
selinux_policy: 3.13.1-60
selinux_policy_targeted: 3.13.1-60
python: SELinux is preventing <blah_blah_stupid user path> from getattr
access on the chr_file /dev/ipmi0.#012#012***** Plugin restorecon (90.5
confidence) suggests ************************#012#012If you want to fix
the label. #012/dev/ipmi0 default label should be ipmi_device_
Please provide a whole message with AVC denial next time to help to find
a solution
A context for /dev/ipmi0 is already defined in the policy therefore it
should be sufficient to run restorecon:
# matchpathcon /dev/ipmi0
/dev/ipmi0 system_u:object_r:ipmi_device_t:s0
# restorecon -v /dev/ipmi0
restorecon reset /dev/ipmi0 context
system_u:object_r:device_t:s0->system_u:object_r:ipmi_device_t:s0
So I tried:
semanage fcontext -m -t ipmi_device_t /dev/ipmi0
ValueError: File context for /dev/ipmi0 is not defined
If the file context is not already defined in your local modification,
you need to add is, not modify (but it's not the case here as it's
already in system policy)
# semanage fcontext -a -t ipmi_device_t /dev/ipmi0
Petr