Fix ras-mc-ctl.service (rasdaemon)

[im-0]

ras-mc-ctl.service fails to start when in Enforcing mode:

# systemctl status ras-mc-ctl.service
× ras-mc-ctl.service - Initialize EDAC v3.0.0 Drivers For Machine Hardware
     Loaded: loaded (/usr/lib/systemd/system/ras-mc-ctl.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: exit-code) since Sat 2024-03-02 12:12:11 +05; 1s ago
   Duration: 16min 7.651s
    Process: 19995 ExecStart=/usr/sbin/ras-mc-ctl --register-labels (code=exited, status=1/FAILURE)
   Main PID: 19995 (code=exited, status=1/FAILURE)
        CPU: 28ms

Mar 02 12:12:11 im-desktop.local systemd[1]: Starting ras-mc-ctl.service - Initialize EDAC v3.0.0 Drivers For Machine Hardware...
Mar 02 12:12:11 im-desktop.local systemd[1]: ras-mc-ctl.service: Main process exited, code=exited, status=1/FAILURE
Mar 02 12:12:11 im-desktop.local systemd[1]: ras-mc-ctl.service: Failed with result 'exit-code'.
Mar 02 12:12:11 im-desktop.local systemd[1]: Failed to start ras-mc-ctl.service - Initialize EDAC v3.0.0 Drivers For Machine Hardware.

audit.log shows following error when in Permissive mode:

type=AVC msg=audit(1709359272.102:3163): avc:  denied  { write } for  pid=15841 comm="ras-mc-ctl" name="dimm_label" dev="sysfs" ino=53742 scontext=system_u:system_r:rasdaemon_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1

Those are two separate problems:

1) modutils_dontaudit_exec_kmod(rasdaemon_t) prevents ras-mc-ctl from finding modprobe binary at https://github.com/mchehab/rasdaemon/blob/v0.8.0/util/ras-mc-ctl.in#L42 It also suppresses all audit events about this.

2) There is no write access for /sys/. It is required to write DIMM labels in /sys/devices/system/edac/mc/.

Resolves: rhbz#1836861 Resolves: https://github.com/fedora-selinux/selinux-policy/issues/2054 Resolves: https://github.com/mchehab/rasdaemon/issues/79