I added changes. It will be allowed in the next versions of the selinux-policy
package.
On 12/17/2015 03:37 PM, David Highley wrote:
H
On Dec 17, 2015 05:55, Lukas Vrabec <lvrabec(a)redhat.com> wrote:
> Hi,
>
> The mdadm tool is trying to read a file in the efivarfs partition.
> Are you using UEFI secure boot?
Yes
> We have some reported bugs for this issue[1][2]. I would say we should
> allow this.
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1287203
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1276519
I do not know the syntax as audit2allow does not suggest anything for this AVC.
> Regards,
> Lukas.
>
> On 12/17/2015 01:32 PM, David Highley wrote:
>> Any idea what is causing these AVCs?
>>
>> time->Wed Dec 16 03:27:02 2015
>> type=AVC msg=audit(1450265222.013:16754): avc: denied { read } for pid=10738 comm="mdadm" name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs" ino=1180 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>> http://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
> --
> Lukas Vrabec
> SELinux Solutions
> Red Hat, Inc.
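Added example, not part of the thread and not the selinux-policy project's code: a small parser that reads the AVC record quoted above and derives the type-enforcement rule and local module text that the denial maps to. It also handles records with several permissions; the module name `local_mdadm_efivarfs` is hypothetical, and the thread does not show the exact rule used in the packaged fix.

```python
import re

# The AVC record quoted in the thread, joined onto one line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1450265222.013:16754): avc: denied { read } for '
    'pid=10738 comm="mdadm" '
    'name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs" '
    'ino=1180 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0'
)
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Split one AVC record into result, permission list and key=value fields."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    fields["result"] = m.group(1)
    fields["perms"] = m.group(2).split()
    return fields

def context_type(context):
    """Type field of user:role:type[:level]; the MLS level may contain ':' too."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: " + context)
    return parts[2]

def perm_text(perms):
    """Single permission bare, several permissions in braces."""
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"

def te_rule(avc):
    """Allow rule matching the access that the record reports."""
    src, tgt = context_type(avc["scontext"]), context_type(avc["tcontext"])
    return f"allow {src} {tgt}:{avc['tclass']} {perm_text(avc['perms'])};"

def local_module(avc, name="local_mdadm_efivarfs"):  # hypothetical module name
    """Text of a local policy module (.te) declaring what the rule requires."""
    types = dict.fromkeys([context_type(avc["scontext"]),
                           context_type(avc["tcontext"])])  # de-duplicated
    decls = "".join(f"\ttype {t};\n" for t in types)
    decls += f"\tclass {avc['tclass']} {perm_text(avc['perms'])};\n"
    return f"module {name} 1.0;\n\nrequire {{\n{decls}}}\n\n{te_rule(avc)}\n"

if __name__ == "__main__":
    print(local_module(parse_avc(SAMPLE_AVC)))
```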