634554 – missing "map" permission for lvm

Bug 634554 - missing "map" permission for lvm

Summary: missing "map" permission for lvm

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	SE Linux Bugs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-10-17 16:54 UTC by Amadeusz Sławiński
Modified:	2018-10-03 20:52 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
lvm allow map perms on lvm_etc_t (0001-lvm-allow-map-perms-on-lvm_etc_t.patch,1.01 KB, patch) 2017-10-18 10:30 UTC, Amadeusz Sławiński	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Amadeusz Sławiński 2017-10-17 16:54:52 UTC

It does seem like my system still works without this allowed, but I suspect that it may cause problems in some configurations:

[   15.090525] audit: type=1400 audit(1508258158.090:3): avc:  denied  { map } for  pid=1572 comm="lvm" path="/etc/lvm/lvm.conf" dev="dm-0" ino=19146948 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:lvm_etc_t tclass=file permissive=0
[   15.097910] audit: type=1400 audit(1508258158.097:4): avc:  denied  { map } for  pid=1575 comm="lvm" path="/etc/lvm/lvm.conf" dev="dm-0" ino=19146948 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:lvm_etc_t tclass=file permissive=0

Comment 1 Amadeusz Sławiński 2017-10-17 21:03:43 UTC

Suggested fix:

https://github.com/amade/hardened-refpolicy/commit/68c18da899a128d69a69c7f1b00511ed93b27901

Comment 2 Amadeusz Sławiński 2017-10-18 10:30:47 UTC

Created attachment 499058 [details, diff]
lvm allow map perms on lvm_etc_t

and attach patch for history