
Bug 236495

Summary: vgscan fails when targeted is in enforce mode
Product: [Fedora] Fedora
Component: selinux-policy-targeted
Reporter: Frank Büttner <bugzilla>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Ben Levenson <benl>
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: high
Version: 6
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-04-16 13:53:32 UTC

Description Frank Büttner 2007-04-15 12:06:05 UTC
Description of problem:
When vgscan is run in enforce mode, it fails with a denied message.
When LVM is added after installing Fedora, it will result in a possibly unbootable
system (when mounting the logical volume in fstab).

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-54.fc6

How reproducible:
every time

Steps to Reproduce:
1. Run vgscan in enforce mode
Actual results:
This denied message:
type=AVC msg=audit(1176638158.025:1005): avc:  denied  { write } for  pid=3892 comm="lvm" name=".cache" dev=md1 ino=7858258 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1176638158.025:1005): arch=40000003 syscall=5 success=yes exit=3 a0=a0498d0 a1=8042 a2=1ff a3=8042 items=0 ppid=4447 pid=3892 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts6 comm="lvm" exe="/usr/sbin/lvm" subj=user_u:system_r:lvm_t:s0 key=(null)
type=AVC msg=audit(1176638158.027:1006): avc:  denied  { unlink } for  pid=3892 comm="lvm" name=".cache" dev=md1 ino=7858258 scontext=user_u:system_r:lvm_t:s0 tconte

Expected results:
That it runs without any denied message.

Comment 1 Daniel Walsh 2007-04-16 13:53:32 UTC
restorecon /etc/lvm/.cache

This file sometimes gets the wrong context on it.

You can add this file to 
/etc/selinux/restorecond.conf

And then run the restorecond service, which should maintain the context.  The file
has been moved in FC7 to better maintain its context.
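
The steps from Comment 1 as a script, with a helper that lists which files a command was denied on. This is an added example, not part of the bug report or written by its participants; the function names are hypothetical and the sample record is the first AVC line from the report rejoined onto one line.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# First AVC record from the report, rejoined onto one line as auditd writes it.
SAMPLE_AVC='type=AVC msg=audit(1176638158.025:1005): avc:  denied  { write } for  pid=3892 comm="lvm" name=".cache" dev=md1 ino=7858258 scontext=user_u:system_r:lvm_t:s0 tcontext=user_u:object_r:lvm_etc_t:s0 tclass=file'

# Read audit records on stdin; print "name tcontext" once per file that
# the given command ($1) was denied access to.
avc_denied_files() {
    awk -v c="$1" '
        BEGIN { comm = "comm=\"" c "\"" }
        /avc: +denied/ && index($0, comm) {
            name = tctx = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^name=/) { name = substr($i, 6); gsub(/"/, "", name) }
                if ($i ~ /^tcontext=/) tctx = substr($i, 10)
            }
            if (name != "") print name, tctx
        }' | sort -u
}

# Add a path to a restorecond watch list exactly once.
watch_path() {
    conf=$1 path=$2
    if grep -qxF -e "$path" "$conf" 2>/dev/null; then
        return 0                        # already listed
    fi
    # Do not glue the entry onto an unterminated last line.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    printf '%s\n' "$path" >> "$conf"
}

# Relabel a file and keep it labelled (run as root on an SELinux host).
fix_label() {
    path=$1 conf=${2:-/etc/selinux/restorecond.conf}
    ls -Z "$path"            # label currently on disk
    matchpathcon "$path"     # label the loaded policy expects
    restorecon -v "$path"    # reset the on-disk label to the policy default
    watch_path "$conf" "$path"
    service restorecond restart
}
```

On the affected host, `fix_label /etc/lvm/.cache` performs the whole procedure; nothing runs until a function is called.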