| Summary: | spindown-disk/script.sh useless find | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Branislav Blaškovič <bblaskov> |
| Component: | tuned | Assignee: | Jaroslav Škarvada <jskarvad> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Branislav Blaškovič <bblaskov> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | jeder, jskarvad |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | tuned-2.3.0-4.el7 | Doc Type: | Bug Fix |
| Doc Text: |
Cause:
There was called useless find command in the spindown-disk profile.
Consequence:
This could cause several SELinux AVCs.
Fix:
The find command was removed.
Result:
No more related SELinux AVCs.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 11:38:28 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
It is probably typo (copy&paste error :) from one of the previous maintainers. It is harmless (not counting the AVCs) and included in the profiles-compat which are phasing out. It is already fixed upstream. I cannot see 'find' in /usr/lib/tuned/spindown-disk/script.sh from package: tuned-profiles-compat-2.3.0-4.el7.noarch VERIFIED This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |
Description of problem: In package tuned-profiles-compat-2.3.0-3.el7.noarch there is useless find which can occour AVCs. Version-Release number of selected component (if applicable): tuned-profiles-compat-2.3.0-3.el7.noarch Steps to Reproduce: 1. Start this profile Actual results: type=SYSCALL msg=audit(1384433337.378:66): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=f676e8 a2=7fff43c10d90 a3=100 items=0 ppid=11559 pid=11582 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:tuned_t:s0 key=(null) type=AVC msg=audit(1384433337.378:66): avc: denied { getattr } for pid=11582 comm="find" path="/etc/my.cnf" dev="dm-1" ino=134885044 scontext=system_u:system_r:tuned_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file Expected results: We don't need this line Additional info: /usr/lib/tuned/spindown-disk/script.sh line 15: find /etc/ &> /dev/null It's fixed in upstream: https://git.fedorahosted.org/cgit/tuned.git/commit/?id=a47b0e1be74f31d15279aac8ae5b1438932844a2