From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 10 Nov 2012 18:35:25 +0100
Subject: [refpolicy] [PATCH 3/4] lvm needs read access to the event queue of udev
In-Reply-To: <1352568926-21328-1-git-send-email-sven.vermeulen@siphos.be>
References: <1352568926-21328-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1352568926-21328-4-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The udev event queue (queue.bin file) is located in the /run/udev folder and
labeled udev_var_run_t. Hence, allow the lvm_t domain read access on this file.

Without this access, LVM operations that manipulate the volumes (like creating
an additional logical volume) result in failures like the following:

  /dev/vg/test: not found: device not cleared
  Aborting. Failed to wipe start of new LV.

Signed-off-by: Sven Vermeulen
--- policy/modules/system/lvm.te | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 8c8c6b7..e2c4705 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -343,6 +343,7 @@ optional_policy(` optional_policy(` udev_read_db(lvm_t) + udev_read_pid_files(lvm_t) ') optional_policy(` -- 1.7.8.6
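Review bot: The added udev_read_pid_files(lvm_t) line in the optional_policy block at lvm.te -343 has no comment tying it to the one file the commit message names, and the interface name suggests read access to every udev pid file labeled udev_var_run_t, not only queue.bin. Please add a one-line comment above the call (for example "# Read the udev event queue, /run/udev/queue.bin") so the reason for the grant survives in the policy source, and state in the description that the wider read on udev_var_run_t is intended. It would also help to note why the udev_read_db(lvm_t) call directly above does not already cover this file, and to include the AVC denial that was observed next to the LVM error output so the access vector being granted can be checked against it.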