On 01/18/2016 01:52 PM, David Highley wrote:
"Miroslav Grepl wrote:"
>
> On 01/16/2016 04:48 AM, David Highley wrote:
>> We had previously posted about this AVC and understood in a reply that
>> it was fixed in the next update but we're still seeing it once a day.
>
> What is your output of
>
> $ rpm -q selinux-policy-targeted
>
> $ sesearch -A -s mdadm_t -t efivarfs_t
This is a Fedora 23 host.
selinux-policy-targeted-3.13.1-158.fc23.noarch
Found 3 semantic av rules:
allow mdadm_t file_type : filesystem getattr ;
allow mdadm_t filesystem_type : filesystem getattr ;
allow mdadm_t efivarfs_t : dir search ;
>
# dnf update selinux-policy --enablerepo=updates-testing
This should fix your issue.
> ?
>>
>> time->Fri Jan 15 03:22:01 2016
>> type=AVC msg=audit(1452856921.601:1934): avc: denied { read } for
>> pid=6439 comm="mdadm"
>> name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6"
>> dev="efivarfs"
>> ino=126 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0
>>
>> It had been said that it was related to the secure boot process but all
>> of our systems use that and only one system is reporting this AVC.
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>> http://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
>>
>
>
> --
> Miroslav Grepl
> Senior Software Engineer, SELinux Solutions
> Red Hat, Inc.
>
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
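
An added example, not part of the original thread: a small Python check that parses the AVC record quoted above and compares it with the `sesearch -A` output posted for policy 3.13.1-158, reporting which denied permission no listed rule grants. The function names are hypothetical, and the target names passed in are the ones `sesearch -t efivarfs_t` returned in the thread.

```python
import re

# AVC record and sesearch output copied from the thread above.
AVC = ('type=AVC msg=audit(1452856921.601:1934): avc: denied { read } for '
       'pid=6439 comm="mdadm" '
       'name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs" '
       'ino=126 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0')
SESEARCH = """\
allow mdadm_t file_type : filesystem getattr ;
allow mdadm_t filesystem_type : filesystem getattr ;
allow mdadm_t efivarfs_t : dir search ;
"""

def parse_avc(line):
    """Return (source type, target type, class, denied perms) of an AVC denial."""
    perms = re.search(r"denied\s+\{([^}]*)\}", line).group(1).split()
    field = lambda k: re.search(rf"\b{k}=(\S+)", line).group(1)
    # An SELinux context is user:role:type:level; the type is the third field.
    stype = field("scontext").split(":")[2]
    ttype = field("tcontext").split(":")[2]
    return stype, ttype, field("tclass"), set(perms)

def parse_rules(text):
    """Parse 'allow SRC TGT : CLASS PERMS ;' lines as printed by sesearch -A."""
    rules = []
    pat = re.compile(r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+\{?([^};]*)\}?\s*;")
    for m in pat.finditer(text):
        rules.append((m.group(1), m.group(2), m.group(3), set(m.group(4).split())))
    return rules

def missing_perms(avc, rules_text, target_names):
    """Denied permissions that no listed allow rule grants."""
    stype, ttype, tclass, denied = parse_avc(avc)
    granted = set()
    for src, tgt, cls, perms in parse_rules(rules_text):
        # The object class must match too: a dir or filesystem rule
        # does not cover an access on tclass=file.
        if src == stype and tgt in target_names | {ttype} and cls == tclass:
            granted |= perms
    return stype, ttype, tclass, denied - granted

if __name__ == "__main__":
    # sesearch -t efivarfs_t returned these names, so they apply to that type.
    names = {"file_type", "filesystem_type"}
    s, t, c, miss = missing_perms(AVC, SESEARCH, names)
    print(f"no rule found: allow {s} {t} : {c} {{ {' '.join(sorted(miss))} }};")
```

Re-running the same comparison against `sesearch` output taken after a policy update shows whether the denied permission is now covered.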