Bug 151395
Summary: | avc: denied [...] exe=/sbin/consoletype | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | sangu <sangu.fedora> | ||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | rawhide | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | selinux-policy-targeted-1.23.3-2 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-03-20 02:43:31 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
sangu
2005-03-17 16:19:08 UTC
Created attachment 112096 [details]
dmesg
Fixed in selinux-policy-targeted-1.23.3-1 This problem happens in selinux-policy-targeted-1.23.3-2 in dmesg [...] audit(1111240183.613:0): avc: denied { read write } for pid=3519 exe=/sbin/consoletype path=/dev/tty dev=tmpfs ino=2107 scontext=user_u:system_r:consoletype_t tcontext=system_u:object_r:devtty_t tclass=chr_file $ls -lZ /sbin/consoletype -rwxr-xr-x root root system_u:object_r:consoletype_exec_t /sbin/consoletype Whenever mc does be excuted, this problem happens. mc 4.6.1a-0.5. in selinux-policy-targeted-1.23.3-2 the consoletype policy should no longer be present? restorecon -R -v /sbin/consoletype should change it's context to sbin_t. If it does not you probably have a version of consoletype.te in /etc/selinux/targeted/src/policy/domains/program/consoletype.te Please remove it. make -c /etc/selinux/targeted/src/policy load Then restorecon /sbin/consoletype Dan (In reply to comment #4) > in selinux-policy-targeted-1.23.3-2 the consoletype policy should no longer be > present? restorecon -R -v /sbin/consoletype should change it's context to sbin_t. > Not Fixed. > If it does not you probably have a version of consoletype.te in > /etc/selinux/targeted/src/policy/domains/program/consoletype.te > Please remove it. It's no present in /etc/selinux/targeted/src/policy/domains/program/. > make -c /etc/selinux/targeted/src/policy load in dmesg [...] audit(1111286164.417:0): avc: granted { load_policy } for pid=3956 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security security: 3 users, 5 roles, 585 types, 61 bools security: 54 classes, 70952 rules security: invalidating context system_u:object_r:hostname_exec_t security: invalidating context user_u:system_r:hostname_t security: invalidating context system_u:object_r:consoletype_exec_t security: invalidating context user_u:system_r:consoletype_t security: invalidating context root:system_r:consoletype_t > Then restorecon /sbin/consoletype This bug 15139 doesn't appear. Fixed > Dan Thanks you, Dan. |