Is that denial actually manifesting itself as some broken functionality? Also, why is fsck getting invoked on swap, especially one backed by zram?

On Jan 18, 2016 8:20 AM, "Inamdar Sharif" <isha...@nvidia.com> wrote:
> Hi Guys,
>
> I am facing the below avc denial while enabling zram.
>
> avc: denied { getattr } for pid=7545 comm="e2fsck" path="/dev/block/zram0"
> dev="tmpfs" ino=11973 scontext=u:r:fsck:s0
> tcontext=u:object_r:swap_block_device:s0 tclass=blk_file permissive=0
>
> I have labelled dev/block/zram0 as swap_block_device
>
> Also I have an entry in the fstab :
>
> /dev/block/zram0 none swap defaults zramsize=536870912
>
> But due to neverallow rule in fsck.te the above permission cannot be
> granted.
>
> # fsck should never be run on these block devices
> neverallow fsck {
>   boot_block_device
>   frp_block_device
>   metadata_block_device
>   recovery_block_device
>   root_block_device
>   swap_block_device
>   system_block_device
>   vold_device
> }:blk_file no_rw_file_perms;
>
> So I think we have to remove swap_block_device from the neverallow. Any
> suggestions??
>
> Thanks.
> ------------------------------
> This email message is for the sole use of the intended recipient(s) and
> may contain confidential information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply email and destroy all copies
> of the original message.
> ------------------------------
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.
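An added example, not part of the thread or of the AOSP tree: a small Python triage helper that parses the AVC denial quoted above and reports which of the denied permissions fall inside the quoted neverallow rule's forbidden set. The expansion of `no_rw_file_perms` is not shown in the thread; the sets below are an assumption based on AOSP's `global_macros` and should be checked against the policy tree in use. The function names are hypothetical.

```python
import re

# Constructed sample: the denial quoted in the thread, joined onto one line.
SAMPLE_DENIAL = (
    'avc: denied { getattr } for pid=7545 comm="e2fsck" '
    'path="/dev/block/zram0" dev="tmpfs" ino=11973 '
    'scontext=u:r:fsck:s0 tcontext=u:object_r:swap_block_device:s0 '
    'tclass=blk_file permissive=0'
)

# Source domain, target types and class copied from the quoted neverallow rule.
NEVERALLOW_SOURCE = "fsck"
NEVERALLOW_CLASS = "blk_file"
NEVERALLOW_TARGETS = {
    "boot_block_device", "frp_block_device", "metadata_block_device",
    "recovery_block_device", "root_block_device", "swap_block_device",
    "system_block_device", "vold_device",
}

# ASSUMPTION (not on the page): macro expansions as in AOSP global_macros.
NO_W_FILE_PERMS = {"append", "create", "link", "unlink",
                   "relabelfrom", "rename", "setattr", "write"}
NO_RW_FILE_PERMS = NO_W_FILE_PERMS | {"open", "read", "ioctl", "lock"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<source>[^:\s]+)\S*\s+'
    r'tcontext=[^:\s]+:[^:\s]+:(?P<target>[^:\s]+)\S*\s+'
    r'tclass=(?P<tclass>\S+)'
)

def parse_denial(line):
    """Extract source type, target type, class and permission set."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC denial: %r" % line)
    return {"source": m["source"], "target": m["target"],
            "tclass": m["tclass"], "perms": set(m["perms"].split())}

def neverallow_conflicts(d, forbidden=NO_RW_FILE_PERMS):
    """Denied permissions that the quoted neverallow forbids granting."""
    if (d["source"] != NEVERALLOW_SOURCE or d["tclass"] != NEVERALLOW_CLASS
            or d["target"] not in NEVERALLOW_TARGETS):
        return set()
    return d["perms"] & forbidden

def candidate_rule(d):
    """The allow rule the denial corresponds to, for review (not for blind use)."""
    return "allow {source} {target}:{tclass} {{ {p} }};".format(
        p=" ".join(sorted(d["perms"])), **d)

if __name__ == "__main__":
    denial = parse_denial(SAMPLE_DENIAL)
    print(candidate_rule(denial))
    print("conflicts with neverallow:", sorted(neverallow_conflicts(denial)))
```
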