Bug 1017107

Summary: radiusd cannot write to tmp
Product: Red Hat Enterprise Linux 6 Reporter: Karel Srot <ksrot>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.4CC: dwalsh, mmalik, pkis
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.7.19-245.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 965639
: 1096891 (view as bug list) Environment:
Last Closed: 2014-10-14 07:57:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1096891    

Description Karel Srot 2013-10-09 09:29:07 UTC
Description of problem:
The following AVC denial appears when radiusd integrated with kerberos is trying to authenticate an user.

time->Tue Oct  8 14:18:25 2013
type=PATH msg=audit(1381256305.822:917): item=0 name="/var/tmp/" inode=2621539 dev=fd:00 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0
type=CWD msg=audit(1381256305.822:917):  cwd="/"
type=SYSCALL msg=audit(1381256305.822:917): arch=c000003e syscall=2 success=no exit=-13 a0=7fe5740089e0 a1=2c1 a2=180 a3=7fe57ed6e700 items=1 ppid=1 pid=14030 auid=4294967295 uid=95 gid=95 euid=95 suid=95 fsuid=95 egid=95 sgid=95 fsgid=95 tty=(none) ses=4294967295 comm="radiusd" exe="/usr/sbin/radiusd" subj=unconfined_u:system_r:radiusd_t:s0 key=(null)
type=AVC msg=audit(1381256305.822:917): avc:  denied  { write } for  pid=14030 comm="radiusd" name="tmp" dev=dm-0 ino=2621539 scontext=unconfined_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir


Steps to Reproduce:
1. Integrate radiusd with kerberos
2. Try to authenticate a kerberos user via radius

Comment 2 Lukas Vrabec 2014-06-25 13:36:48 UTC
patch sent.

Comment 6 errata-xmlrpc 2014-10-14 07:57:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1568.html