Commit 97a54ef5 authored Feb 15, 2024 by Maurizio Lombardi Committed by Martin K. Petersen Apr 05, 2024

scsi: target: Fix SELinux error when systemd-modules loads the target module

If the systemd-modules service loads the target module, the credentials of
that userspace process will be used to validate the access to the target db
directory. SELinux will prevent it, reporting an error like the following:

kernel: audit: type=1400 audit(1676301082.205:4): avc: denied { read }
for pid=1020 comm="systemd-modules" name="target" dev="dm-3"
ino=4657583 scontext=system_u:system_r:systemd_modules_load_t:s0
tcontext=system_u:object_r:targetd_etc_rw_t:s0 tclass=dir permissive=0

Fix the error by using the kernel credentials to access the db directory

Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Link: https://lore.kernel.org/r/20240215143944.847184-2-mlombard@redhat.com

Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

parent d4e655c4

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit a6601878
· Jun 26, 2024

mentioned in commit a6601878

mentioned in commit a66018780c53b975af6b1a0477ee82d317e8208e

Toggle commit list

Please register or to comment