Bug 155849
| Summary: | avc: denied { write } for name=rhgb-socket | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | sangu <sangu.fedora> | ||||
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | i386 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | selinux-policy-targeted-1.23.18-2 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2005-06-10 09:55:29 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Fixed in selinux-policy-*-1.23.13-3 Created attachment 113721 [details]
dmesg in kernel-2.6.11-1.1268_FC4
After installing selinux-policy-*-1.23.13-3, audit error messages are changed
in dmesg.
[...]
audit(1114611219.454:0): avc: denied { write } for
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6990
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
[...]
audit(1114611242.177:0): avc: denied { lock } for path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611242.753:0): avc: denied { lock } for path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611242.905:0): avc: denied { lock } for path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611243.042:0): avc: denied { lock } for path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611252.611:0): avc: denied { connectto } for
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t
restorecon -v /etc/fstab should clear most of them. Dan Dan : thank your comments.
/etc/fstab problem is fixed.
$restorecon -v /etc/fstab
After rebooting
$dmesg | grep avc
audit(1114621106.443:0): avc: denied { write } for
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=7080
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
audit(1114621145.580:0): avc: denied { connectto } for
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t tclass=unix_stream_socket
in selinux-policy-targeted-1.23.14-2, kernel-2.6.11-1.1282_FC4
$ dmesg | grep avc
audit(1115168226.367:0): avc: denied { write } for
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6650
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
audit(1115168263.211:0): avc: denied { search } for name=rhgb dev=hda8
ino=211872 scontext=system_u:system_r:init_t tcontext=system_u:object_r:mnt_t
tclass=dir
|
Description of problem: in dmesg [...] audit(1114306425.761:0): avc: denied { write } for name=rhgb-socket dev=ramfs ino=6052 scontext=system_u:system_r:init_t tcontext=system_u:object_r:ramfs_t tclass=sock_file [...] Version-Release number of selected component (if applicable): selinux-policy-targeted-1.23.12-4 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: rhgb-0.16.2-3 kernel-2.6.11-1.1261_FC4