Bug 622140
Summary: | SELinux is preventing /bin/bash access to a leaked /root file descriptor | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Martin Kho <rh-bugzilla> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | benjavalero, dwalsh, john5342, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.8.8-20.fc14 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-09-01 06:02:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Martin Kho
2010-08-07 16:47:52 UTC
Información Adicional: Contexto Fuente system_u:system_r:prelink_cron_system_t:s0-s0:c0.c 1023 Contexto Destino system_u:object_r:admin_home_t:s0 Objetos Destino /root [ dir ] Fuente prelink Dirección de Fuente /bin/bash Puerto <Desconocido> Nombre de Equipo (eliminado) Paquetes RPM Fuentes bash-4.1.7-1.fc13 Paquetes RPM Destinos filesystem-2.4.31-1.fc13 RPM de Políticas selinux-policy-3.7.19-44.fc13 SELinux Activado True Tipo de Política targeted Modo Obediente Permissive Nombre de Plugin leaks Nombre de Equipo (eliminado) Plataforma Linux localhost.localdomain 2.6.34.2-34.fc13.i686 #1 SMP Thu Aug 5 23:34:56 UTC 2010 i686 i686 Cantidad de Alertas 1 Visto por Primera Vez mié 11 ago 2010 08:49:36 CEST Visto por Última Vez mié 11 ago 2010 08:49:36 CEST ID Local 8a7ebb30-a3e9-4f6e-95c3-40721e137644 Números de Línea Mensajes de Auditoría Crudos node=localhost.localdomain type=AVC msg=audit(1281509376.85:24): avc: denied { read } for pid=13985 comm="prelink" path="/root" dev=sda2 ino=307 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir node=localhost.localdomain type=SYSCALL msg=audit(1281509376.85:24): arch=40000003 syscall=11 success=yes exit=0 a0=9856c20 a1=9856f08 a2=9853b88 a3=9856f08 items=0 ppid=13798 pid=13985 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null) -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.8.8-12.fc14 selinux-policy-3.8.8-20.fc14 has been submitted as an update for Fedora 14. http://admin.fedoraproject.org/updates/selinux-policy-3.8.8-20.fc14 selinux-policy-3.8.8-20.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.8.8-20.fc14 selinux-policy-3.8.8-20.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.8.8-20.fc14 selinux-policy-3.8.8-20.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |