a95798aa08
[ Upstream commit 97a54ef596c3fd24ec2b227ba8aaf2cf5415e779 ] If the systemd-modules service loads the target module, the credentials of that userspace process will be used to validate the access to the target db directory. SELinux will prevent it, reporting an error like the following: kernel: audit: type=1400 audit(1676301082.205:4): avc: denied { read } for pid=1020 comm="systemd-modules" name="target" dev="dm-3" ino=4657583 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:targetd_etc_rw_t:s0 tclass=dir permissive=0 Fix the error by using the kernel credentials to access the db directory Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Link: https://lore.kernel.org/r/20240215143944.847184-2-mlombard@redhat.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
---|---|---|
.. | ||
iscsi | ||
loopback | ||
sbp | ||
tcm_fc | ||
Kconfig | ||
Makefile | ||
target_core_alua.c | ||
target_core_alua.h | ||
target_core_configfs.c | ||
target_core_device.c | ||
target_core_fabric_configfs.c | ||
target_core_fabric_lib.c | ||
target_core_file.c | ||
target_core_file.h | ||
target_core_hba.c | ||
target_core_iblock.c | ||
target_core_iblock.h | ||
target_core_internal.h | ||
target_core_pr.c | ||
target_core_pr.h | ||
target_core_pscsi.c | ||
target_core_pscsi.h | ||
target_core_rd.c | ||
target_core_rd.h | ||
target_core_sbc.c | ||
target_core_spc.c | ||
target_core_stat.c | ||
target_core_tmr.c | ||
target_core_tpg.c | ||
target_core_transport.c | ||
target_core_ua.c | ||
target_core_ua.h | ||
target_core_user.c | ||
target_core_xcopy.c | ||
target_core_xcopy.h |