Bug 119076
| Summary: | avc denied /usr/sbin/gpm | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ben Levenson <benl> |
| Component: | system-config-date | Assignee: | Brent Fox <bfox> |
| Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | bfox, pgraner |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.7.3-1 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-03-24 22:14:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 114961 | ||
Actually, /etc/localtime should probably be readable by all domains. This looks like a labeling problem. /etc/localtime should be locale_t Who create localtime? How could it get mislabeled? switching timezones with 'system-config-{date,time}' rewrites
/etc/localtime:
before: system_u:object_r:locale_t
after: root:object_r:etc_t
adding system-config-date owner to Cc
If instead of removing the localtime, you could copy over it. This would maintain the security context. Dan Should be fixed in system-config-date-1.7.3-1 in dist-fc2-hold. file context is preserved with s-c-d-1.7.3-1. |
Description of problem: 'service gpm restart' produces the following avc denial: avc: denied { read } for pid=3597 exe=/usr/sbin/gpm name=localtime dev=dm-0 ino=924810 scontext=root:system_r:gpm_t tcontext=root:object_r:etc_t tclass=file Version-Release number of selected component (if applicable): policy-1.9-15 from audit2allow: allow gpm_t etc_t:file { read };