Bug 168884
| Summary: | "avc: denied { search }" for "security_t:dir" | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Robert Scheck <redhat-bugzilla> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.redhat.com/archives/fedora-selinux-list/2005-September/msg00070.html | ||
| Whiteboard: | |||
| Fixed In Version: | 1.27.1-4 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-10-13 15:30:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in selinux-policy-strict-1.27.1-4 Works & thanks, closing. |
Description of problem: I'm getting - since introducing libsetrans - unnecessary avc denied messages: audit(1127126904.541:268): avc: denied { search } for pid=22987 comm="saslauthd" name="/" dev=selinuxfs ino=270 scontext=root:system_r: saslauthd_t tcontext=system_u:object_r:security_t tclass=dir and audit(1126900488.829:250): avc: denied { search } for pid=5725 comm="httpd" name="/" dev=selinuxfs ino=270 scontext=root:system_r:httpd_t tcontext=system_u: object_r:security_t tclass=dir Version-Release number of selected component (if applicable): selinux-policy-targeted-1.27.1-3 How reproducible: Do different things with saslauthd and httpd, but I can't really say, what action causes which message. Actual results: Unnecessary avc denied messages. This bug report looks to be related to "Re: NetworkManager wants security_t:file read..." on fedora-selinux-list (https:// www.redhat.com/archives/fedora-selinux-list/2005-September/msg00070.html). And are you sure, that your comment is the better one (rather Stephen Smalley's suggestion), anyway? Expected results: No avc denied messages any longer - in this case, of course ;-)