Bug 160567

Summary: acrobat reader fails, lots of avc messages
Product: [Fedora] Fedora Reporter: Daniel Hammer <h0m6r3>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: 1.17.30-3.9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-08-17 18:47:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Hammer 2005-06-15 20:17:21 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Updated selinux-policy-targeted (1.17.30-2.96 => 1.17.30-3.2), rebooted the system 
and have got lots of avc messages like

audit(1118845409.714:0): avc:  denied  { search } for  pid=4212 exe=/usr/sbin/httpd name=nscd dev=hda2 ino=1011885 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir
audit(1118845409.722:0): avc:  denied  { search } for  pid=4212 exe=/usr/sbin/httpd name=nscd dev=hda2 ino=1011885 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir
audit(1118845409.733:0): avc:  denied  { search } for  pid=4212 exe=/usr/sbin/httpd name=nscd dev=hda2 ino=1011885 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir
audit(1118845409.742:0): avc:  denied  { search } for  pid=4212 exe=/usr/sbin/httpd name=nscd dev=hda2 ino=1011885 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir
audit(1118845409.801:0): avc:  denied  { search } for  pid=4212 exe=/usr/sbin/httpd name=nscd dev=hda2 ino=1011885 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir
audit(1118845409.810:0): avc:  denied  { search } for  pid=4212 exe=/usr/sbin/httpd name=nscd dev=hda2 ino=1011885 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir

before upgrading therer where none. Tried to start acrobat reader (AdobeReader_enu-7.0.0-2.i386.rpm) but it does'nt. 

/sbin/fixfiles -F relabel does not help in any way.

Strace /usr/bin/acroread {file} freezes X completely.

Looking at CHANGELOG seems to me, that the last two updates ruined the package.


Version-Release number of selected component (if applicable):
selinux-policy-targeted 1.17.30-3.2

How reproducible:
Always

Steps to Reproduce:
1. install selinux-policy-targeted 1.17.30-3.2
2. reboot
3. get lots of avc messages
4. try to start acrobat reader
  

Actual Results:  lots of avc messages
no acrobat reader 
strace /usr/bin/acroread {file} freezes X completel

Expected Results:  none of above

Additional info:

This is reproducable on various of my machines (notebook, PC, etc.)
Comment 1 Daniel Walsh 2005-06-15 20:20:03 UTC 
Fixed in selinux-policy-targeted 1.17.30-3.9