Bug 117784
| Summary: | "rpm" avc denial errors (mostly benign) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Stephen Tweedie <sct> |
| Component: | policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | russell, sct |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-03-08 19:01:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in policy-sources-1.7-9 |
Description of problem: "rpm" installs result in various avc errors: audit(1078760380.571:0): avc: denied { getattr } for pid=3240 exe=/bin/rpm path=/home dev= ino=1 scontext=root:sysadm_r:rpm_t tcontext=system_u:object_r:autofs_t tclass=dir which is associated with the immediate error: # rpm -ivh kernel-2.6.3-2.1.242.i686.rpm error: failed to stat /home: Permission denied where /home is an autofs filesystem; audit(1078760413.660:0): avc: denied { search } for pid=3241 exe=/bin/bash dev= ino=1 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:object_r:devpts_t tclass=dir where the rpm script fails to read the pty associated with the (ssh) login; audit(1078760413.710:0): avc: denied { search } for pid=3241 exe=/bin/bash dev= ino=1 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:object_r:proc_t tclass=dir audit(1078760413.760:0): avc: denied { search } for pid=3241 exe=/bin/bash dev=0:e ino=2 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:object_r:nfs_t tclass=dir where the script fails to access /proc, and the nfs directory from which the install is being run, respectively. The rpm install appears to proceed normally despite these, but there may obviously be unanticipated problems in the post-install script's execution as a result of the avc denied errors. Version-Release number of selected component (if applicable): rawhide-20040305 with upgraded policy rpms policy-1.7-8 rpm-4.3-0.17 How reproducible: 100% Steps to Reproduce: 1. Install any rpm on a system with autofs-mounted /home (for autofs_t error); or install an rpm with a post-install script (for devpts error); or install an rpm with a post-install script, where the rpm package is located on an nfs filesystem (for nfs_t script error) Actual results: avc errors detailed above Expected results: no avc errors