Bug 151395

Summary: avc: denied [...] exe=/sbin/consoletype
Product: [Fedora] Fedora Reporter: sangu <sangu.fedora>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-targeted-1.23.3-2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-20 02:43:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
dmesg none

Description sangu 2005-03-17 16:19:08 UTC 
Description of problem:
in dmesg
[...]
audit(1111075510.556:0): avc:  denied  { read write } for  pid=8141
exe=/sbin/consoletype path=/dev/tty dev=tmpfs ino=2162
scontext=user_u:system_r:consoletype_t tcontext=system_u:object_r:devtty_t
tclass=chr_file

$ls -lZ /sbin/consoletype
-rwxr-xr-x  root     root     system_u:object_r:consoletype_exec_t /sbin/consoletype


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.2-1

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
initscripts-8.05-1
Comment 1 sangu 2005-03-17 16:19:08 UTC 
Created attachment 112096 [details]
dmesg
Comment 2 Daniel Walsh 2005-03-17 16:42:48 UTC 
Fixed in selinux-policy-targeted-1.23.3-1
Comment 3 sangu 2005-03-19 13:58:19 UTC 
This problem happens in selinux-policy-targeted-1.23.3-2
in dmesg
[...]
audit(1111240183.613:0): avc:  denied  { read write } for  pid=3519
exe=/sbin/consoletype path=/dev/tty dev=tmpfs ino=2107
scontext=user_u:system_r:consoletype_t tcontext=system_u:object_r:devtty_t
tclass=chr_file


$ls -lZ /sbin/consoletype
-rwxr-xr-x  root     root     system_u:object_r:consoletype_exec_t /sbin/consoletype

Whenever mc does be excuted, this problem happens.

mc 4.6.1a-0.5.
Comment 4 Daniel Walsh 2005-03-19 20:40:08 UTC 
in selinux-policy-targeted-1.23.3-2 the consoletype policy should no longer be
present?  restorecon -R -v /sbin/consoletype should change it's context to sbin_t.

If it does not you probably have a version of consoletype.te in
/etc/selinux/targeted/src/policy/domains/program/consoletype.te

Please remove it.
make -c /etc/selinux/targeted/src/policy load

Then restorecon /sbin/consoletype
Dan
Comment 5 sangu 2005-03-20 02:42:22 UTC 
(In reply to comment #4)
> in selinux-policy-targeted-1.23.3-2 the consoletype policy should no longer be
> present?  restorecon -R -v /sbin/consoletype should change it's context to sbin_t.
>
Not Fixed.
 
> If it does not you probably have a version of consoletype.te in
> /etc/selinux/targeted/src/policy/domains/program/consoletype.te
> Please remove it.
It's no present in /etc/selinux/targeted/src/policy/domains/program/.

> make -c /etc/selinux/targeted/src/policy load
in dmesg
[...]
audit(1111286164.417:0): avc:  granted  { load_policy } for  pid=3956
exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
security:  3 users, 5 roles, 585 types, 61 bools
security:  54 classes, 70952 rules
security:  invalidating context system_u:object_r:hostname_exec_t
security:  invalidating context user_u:system_r:hostname_t
security:  invalidating context system_u:object_r:consoletype_exec_t
security:  invalidating context user_u:system_r:consoletype_t
security:  invalidating context root:system_r:consoletype_t
 
> Then restorecon /sbin/consoletype

This bug 15139 doesn't appear. Fixed

> Dan

Thanks you, Dan.