View Issue Details

ID: 0000299
Project: Rocky-Linux-8
Category: selinux-policy
View Status: public
Last Update: 2022-09-15 19:44
Reporter: Elliott Balsley
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: new
Resolution: open
OS: Rocky
OS Version: 8.6
Summary: 0000299: SELinux is preventing mdadm from ioctl access on the blk_file /dev/nvme11n1
Description:

I'm seeing this SELinux message every few minutes. I have 22 identical NVMe drives in this machine, configured as RAID 60 using mdadm. I don't know what's unique about this one, but this is the only one showing this error. I believe mdadm should be allowed this access by default.

```
# sealert -l 917240ff-1abf-4e9f-980e-ae9400e137bb
SELinux is preventing /usr/sbin/mdadm from ioctl access on the blk_file /dev/nvme11n1.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that mdadm should be allowed ioctl access on the nvme11n1 blk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mdadm' --raw | audit2allow -M my-mdadm
# semodule -X 300 -i my-mdadm.pp


Additional Information:
Source Context system_u:system_r:pcp_pmcd_t:s0
Target Context system_u:object_r:nvme_device_t:s0
Target Objects /dev/nvme11n1 [ blk_file ]
Source mdadm
Source Path /usr/sbin/mdadm
Port <Unknown>
Host moonshine
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-3.14.3-95.el8_6.4.noarch
Local Policy RPM selinux-policy-targeted-3.14.3-95.el8_6.4.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name moonshine
Platform Linux moonshine 4.18.0-372.19.1.el8_6.x86_64 #1
                              SMP Tue Aug 2 16:19:42 UTC 2022 x86_64 x86_64
Alert Count 944
First Seen 2022-09-07 00:03:11 PDT
Last Seen 2022-09-15 12:22:37 PDT
Local ID 917240ff-1abf-4e9f-980e-ae9400e137bb

Raw Audit Messages
type=AVC msg=audit(1663269757.936:7035): avc: denied { ioctl } for pid=339434 comm="mdadm" path="/dev/nvme11n1" dev="devtmpfs" ino=40986 ioctlcmd=0x1268 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file permissive=1


Hash: mdadm,pcp_pmcd_t,nvme_device_t,blk_file,ioctl
```

```
# ls -lZ /dev/nvme*n*
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 1 Sep 7 09:25 /dev/nvme0n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 7 Sep 7 09:25 /dev/nvme10n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 9 Sep 7 09:25 /dev/nvme11n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 10 Sep 7 09:25 /dev/nvme12n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 12 Sep 7 09:25 /dev/nvme13n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 23 Sep 7 09:25 /dev/nvme14n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 15 Sep 7 09:25 /dev/nvme15n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 21 Sep 7 09:25 /dev/nvme16n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 13 Sep 7 09:25 /dev/nvme17n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 24 Sep 7 09:25 /dev/nvme18n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 20 Sep 7 09:25 /dev/nvme19n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 0 Sep 7 09:25 /dev/nvme1n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 29 Sep 7 09:25 /dev/nvme20n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 28 Sep 7 09:25 /dev/nvme21n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 11 Sep 7 09:25 /dev/nvme22n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 16 Sep 7 09:25 /dev/nvme22n1p1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 17 Sep 7 09:25 /dev/nvme22n1p2
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 19 Sep 7 09:25 /dev/nvme22n1p3
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 22 Sep 7 09:25 /dev/nvme23n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 25 Sep 7 09:25 /dev/nvme23n1p1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 26 Sep 7 09:25 /dev/nvme23n1p2
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 27 Sep 7 09:25 /dev/nvme23n1p3
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 2 Sep 7 09:25 /dev/nvme2n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 3 Sep 7 09:25 /dev/nvme3n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 4 Sep 7 09:25 /dev/nvme4n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 5 Sep 7 09:25 /dev/nvme5n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 6 Sep 7 09:25 /dev/nvme6n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 8 Sep 7 09:25 /dev/nvme7n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 18 Sep 7 09:25 /dev/nvme8n1
brw-rw----. 1 root disk system_u:object_r:nvme_device_t:s0 259, 14 Sep 7 09:25 /dev/nvme9n1
```

```
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 2.1G 0 rom
nvme1n1 259:0 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme0n1 259:1 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme2n1 259:2 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme3n1 259:3 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme4n1 259:4 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme5n1 259:5 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme6n1 259:6 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme10n1 259:7 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme7n1 259:8 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme11n1 259:9 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme12n1 259:10 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme22n1 259:11 0 477G 0 disk
├─nvme22n1p1 259:16 0 1M 0 part
├─nvme22n1p2 259:17 0 1.5G 0 part
└─nvme22n1p3 259:19 0 475.4G 0 part
  └─ubuntu--vg-ubuntu--lv 253:3 0 100G 0 lvm
nvme13n1 259:12 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme17n1 259:13 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme9n1 259:14 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme15n1 259:15 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme8n1 259:18 0 5.8T 0 disk
└─md101 9:101 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme19n1 259:20 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme16n1 259:21 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme23n1 259:22 0 477G 0 disk
├─nvme23n1p1 259:25 0 600M 0 part /boot/efi
├─nvme23n1p2 259:26 0 1G 0 part /boot
└─nvme23n1p3 259:27 0 475.4G 0 part
  ├─rl-root 253:0 0 70G 0 lvm /
  ├─rl-swap 253:1 0 4G 0 lvm [SWAP]
  └─rl-home 253:2 0 401.4G 0 lvm /home
nvme14n1 259:23 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme18n1 259:24 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme21n1 259:28 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
nvme20n1 259:29 0 5.8T 0 disk
└─md102 9:102 0 52.4T 0 raid6
  └─md0 9:0 0 104.8T 0 raid0
    └─md0p1 259:30 0 104.8T 0 md /mnt/raid
```
Tags: No tags attached.
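
For triage of the raw audit message in the report, the following added example (not part of the original report and not setroubleshoot code) parses the AVC record, rebuilds the tuple shown on the `Hash:` line, and decodes `ioctlcmd` into its ioctl fields. The function names, the short `BLOCK_IOCTLS` table (numbers from `<linux/fs.h>`), the x86 `_IOC` bit layout and the comm-versus-domain heuristic are assumptions of this example.

```python
import re

# Raw AVC record copied verbatim from the sealert output in this report.
AVC = ('type=AVC msg=audit(1663269757.936:7035): avc: denied { ioctl } for '
       'pid=339434 comm="mdadm" path="/dev/nvme11n1" dev="devtmpfs" ino=40986 '
       'ioctlcmd=0x1268 scontext=system_u:system_r:pcp_pmcd_t:s0 '
       'tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file permissive=1')

# Block-layer ioctl numbers from <linux/fs.h>; only a few are listed here.
BLOCK_IOCTLS = {0x1260: "BLKGETSIZE", 0x1261: "BLKFLSBUF", 0x1268: "BLKSSZGET"}

def parse_avc(line):
    """Split one AVC record into result, permissions and key=value fields."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC record")
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', m.group(3)):
        rec[key] = quoted or bare
    return rec

def decode_ioctl(cmd):
    """Unpack an ioctl number using the x86 _IOC layout: dir|size|type|nr."""
    return {"dir": ("none", "write", "read", "read/write")[(cmd >> 30) & 3],
            "size": (cmd >> 16) & 0x3FFF,
            "type": (cmd >> 8) & 0xFF,
            "nr": cmd & 0xFF,
            "name": BLOCK_IOCTLS.get(cmd, "unknown")}

def summarize(line):
    """Return the facts a reviewer needs before writing any allow rule."""
    rec = parse_avc(line)
    stype = rec["scontext"].split(":")[2]   # type is always the third field
    ttype = rec["tcontext"].split(":")[2]
    return {
        # Same tuple as the "Hash:" line in the sealert output.
        "key": ",".join([rec["comm"], stype, ttype, rec["tclass"], *rec["perms"]]),
        "ioctl": decode_ioctl(int(rec["ioctlcmd"], 16)) if "ioctlcmd" in rec else None,
        # permissive=1 means the access was logged but not actually blocked.
        "blocked": rec["result"] == "denied" and rec.get("permissive") == "0",
        # Heuristic: is the command running in a domain named after itself?
        "comm_in_own_domain": rec["comm"] in stype,
    }

if __name__ == "__main__":
    print(summarize(AVC))
```

For this record the request decodes to `BLKSSZGET`, and the process named `mdadm` is running in `pcp_pmcd_t`, so a module built with the suggested `audit2allow` command would grant the `ioctl` permission to `pcp_pmcd_t`.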

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2022-09-15 19:44 Elliott Balsley New Issue