We had previously posted about this AVC and understood in a reply that it was fixed in the next update but we're still seeing it once a day.
time->Fri Jan 15 03:22:01 2016
type=AVC msg=audit(1452856921.601:1934): avc: denied { read } for pid=6439 comm="mdadm" name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs" ino=126 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0
It had been said that it was related to the secure boot process but all of our systems use that and only one system is reporting this AVC.
On 01/16/2016 04:48 AM, David Highley wrote:
We had previously posted about this AVC and understood in a reply that it was fixed in the next update but we're still seeing it once a day.
What is your output of
$ rpm -q selinux-policy-targeted
$ sesearch -A -s mdadm_t -t efivarfs_t
?
time->Fri Jan 15 03:22:01 2016
type=AVC msg=audit(1452856921.601:1934): avc: denied { read } for pid=6439 comm="mdadm" name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs" ino=126 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0
It had been said that it was related to the secure boot process but all of our systems use that and only one system is reporting this AVC.
--
selinux mailing list
selinux@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
"Miroslav Grepl wrote:"
On 01/16/2016 04:48 AM, David Highley wrote:
We had previously posted about this AVC and understood in a reply that it was fixed in the next update but we're still seeing it once a day.
What is your output of
$ rpm -q selinux-policy-targeted
$ sesearch -A -s mdadm_t -t efivarfs_t
This is a Fedora 23 host.
selinux-policy-targeted-3.13.1-158.fc23.noarch
Found 3 semantic av rules:
   allow mdadm_t file_type : filesystem getattr ;
   allow mdadm_t filesystem_type : filesystem getattr ;
   allow mdadm_t efivarfs_t : dir search ;
-- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red Hat, Inc.
On 01/18/2016 01:52 PM, David Highley wrote:
"Miroslav Grepl wrote:"
This is a Fedora 23 host.
selinux-policy-targeted-3.13.1-158.fc23.noarch
Found 3 semantic av rules:
   allow mdadm_t file_type : filesystem getattr ;
   allow mdadm_t filesystem_type : filesystem getattr ;
   allow mdadm_t efivarfs_t : dir search ;
# dnf update selinux-policy --enablerepo=updates-testing
This should fix your issue.
"Lukas Vrabec wrote:"
# dnf update selinux-policy --enablerepo=updates-testing
This should fix your issue.
Confirmed the issue is fixed.
-- Lukas Vrabec SELinux Solutions Red Hat, Inc.
On 01/19/2016 02:02 PM, David Highley wrote:
"Lukas Vrabec wrote:"
# dnf update selinux-policy --enablerepo=updates-testing
This should fix your issue.
Confirmed the issue is fixed.
Thank you for testing.
On 01/16/2016 04:48 AM, David Highley wrote:
We had previously posted about this AVC and understood in a reply that it was fixed in the next update but we're still seeing it once a day.
time->Fri Jan 15 03:22:01 2016
type=AVC msg=audit(1452856921.601:1934): avc: denied { read } for pid=6439 comm="mdadm" name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" dev="efivarfs" ino=126 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0
It had been said that it was related to the secure boot process but all of our systems use that and only one system is reporting this AVC.
Hi,
What version of Fedora do you use? If F22, you need to wait for the package update. I'll provide it ASAP.
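The two outputs posted in this thread already explain the denial: the AVC is for `read` on class `file`, while the `sesearch` result for the same type pair grants only `dir search` and `filesystem getattr`. The following is an added example, not part of the original thread and not code from the SELinux project, that parses both and reports the uncovered permission. `CONSTRUCTED_RULE` and the function names are made up for illustration, and the rule is not claimed to be what the policy update contains.

```python
import re

# Copied from the thread: the denial and the sesearch -A output for the same type pair.
AVC = ('type=AVC msg=audit(1452856921.601:1934): avc: denied { read } for pid=6439 '
       'comm="mdadm" name="RstSataV-193dfefa-a445-4302-99d8-ef3aad1a04c6" '
       'dev="efivarfs" ino=126 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:efivarfs_t:s0 tclass=file permissive=0')
SESEARCH = """allow mdadm_t file_type : filesystem getattr ;
allow mdadm_t filesystem_type : filesystem getattr ;
allow mdadm_t efivarfs_t : dir search ;
"""
# Constructed for illustration only; not taken from the thread or any policy release.
CONSTRUCTED_RULE = "allow mdadm_t efivarfs_t : file { getattr open read } ;\n"

def parse_avc(line):
    """Return (source type, target type, class, denied perms, permissive flag)."""
    denied = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if denied is None:
        raise ValueError("not an AVC denial record")
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    # A context is user:role:type[:level]; the type is always the third field.
    stype = fields["scontext"].split(":")[2]
    ttype = fields["tcontext"].split(":")[2]
    permissive = fields.get("permissive") == "1"
    return stype, ttype, fields["tclass"], set(denied.group(1).split()), permissive

def parse_rules(text):
    """Parse 'allow SRC TGT : CLASS PERMS ;' lines into (src, tgt, class, perms)."""
    pattern = r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;"
    return [(src, tgt, cls, set((multi or single).split()))
            for src, tgt, cls, multi, single in re.findall(pattern, text)]

def missing_perms(avc_line, sesearch_text):
    """Denied permissions that no listed allow rule grants for the AVC's object class."""
    # sesearch -s/-t also lists rules written against attributes the two types belong
    # to, so each rule in its output applies to the pair; only class and perms vary.
    _, _, tclass, denied, _ = parse_avc(avc_line)
    granted = set()
    for _src, _tgt, cls, perms in parse_rules(sesearch_text):
        if cls == tclass:
            granted |= perms
    return denied - granted

if __name__ == "__main__":
    print("policy from the thread:", sorted(missing_perms(AVC, SESEARCH)))
    print("plus constructed rule: ", sorted(missing_perms(AVC, SESEARCH + CONSTRUCTED_RULE)))
```

Running the same comparison against `sesearch` output captured after a policy update shows whether the installed policy now covers the access before the next daily occurrence would confirm it.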