I run a system with hardened Gentoo under a KVM/QEMU. I am new to SELinux and make heavy use of audit2allow to get things working. When doing this I include and carry along the location of the disk, for example /dev/sdb1 or /dev/sdc1 - but there is a problem I can't change with a hypervisor I don't control of them getting swapped around after reboots. They are virtio disks and one is for /usr and one is for /home and when it happens much policy from audit2allow stops working.
Here is an example of /var/log/audit/audit.log output which uses sdb /sdb.
type=AVC msg=audit(1545017678.720:103): avc: denied { getattr } for pid=4496 comm="nginx" path="/var/www/user428/site/index.html" dev="sdc1" ino=1698414 scontext=system_u:system_r:nginx_t tcontext=system_u:object_r:httpd_user_rw_content_t tclass=file permissive=1
I need to change my SELinux policy in bulk somehow to change the disk ids. It would be good if I could get it auditing disks by their UUIDs in the audit log, so further auditing doesn't have this issue in the future. I've mostly read Gentoo project's documentation on SELinux.
If you want me to read more documentation tell me where to find it in comments, but quick help with the chaos of the problem I'm having is much needed as well.
0 Answers
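Added example, not part of the original question: a small Python parser for the AVC record quoted above that derives the type-enforcement rule, in the `allow source target:class perm;` form that audit2allow generates, from the denial's scontext, tcontext, tclass and permission. The second record is constructed by changing only dev= to show that this field does not enter the rule; all function names are this example's own.

```python
import re

# Constructed sample: the AVC record from the question, plus a copy whose only
# difference is the dev= field (as if the virtio disks had swapped names).
AVC_SDC = ('type=AVC msg=audit(1545017678.720:103): avc: denied { getattr } for '
           'pid=4496 comm="nginx" path="/var/www/user428/site/index.html" dev="sdc1" '
           'ino=1698414 scontext=system_u:system_r:nginx_t '
           'tcontext=system_u:object_r:httpd_user_rw_content_t tclass=file permissive=1')
AVC_SDB = AVC_SDC.replace('dev="sdc1"', 'dev="sdb1"')

_PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Split one AVC denial into its permission list and key=value fields."""
    m = _PERMS.search(line)
    if not line.startswith('type=AVC') or m is None:
        raise ValueError('not an AVC denial record')
    fields = {k: v.strip('"') for k, v in _FIELD.findall(line)}
    fields['perms'] = m.group(1).split()
    return fields

def se_type(context):
    """Return the type component of user:role:type[:mls-range]."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('malformed security context: %r' % context)
    return parts[2]

def allow_rule(fields):
    """Build the allow rule implied by the denial; dev, ino and path are not used."""
    perms = fields['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (se_type(fields['scontext']),
                                   se_type(fields['tcontext']),
                                   fields['tclass'], perm_text)

if __name__ == '__main__':
    for record in (AVC_SDC, AVC_SDB):
        f = parse_avc(record)
        print('dev=%-5s -> %s' % (f['dev'], allow_rule(f)))
```

Both records produce the same rule, so the dev= value in the log is descriptive context for the denial and not part of the policy statement derived from it.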