Bug 169999
Summary: | avc: denied { create } for pid=8460 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Peter Bieringer <pb> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.0 | CC: | wilksen |
Target Milestone: | --- | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | RHBA-2006-0049 | Doc Type: | Bug Fix |
Last Closed: | 2006-03-07 18:11:37 UTC | Type: | --- |
Bug Blocks: | 168429 |
Description
Peter Bieringer
2005-10-06 11:58:43 UTC
After fresh loading of policy (changed a boolean to solve another problem), following occurs in log:

audit(1128600569.610:43): avc: denied { write } for pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:44): avc: denied { nlmsg_relay } for pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:45): avc: denied { read } for pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket

Confirmed here. This apparently affects also NetworkManager working correctly which did function before upgrading to RHEL4 U2. I do see the same audit logs when starting NetworkManager.

Fixed in selinux-policy-targeted-1.17.30-2.113
Available for test at ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3

This is probably related to the selinux policy change, I noticed the following error in /var/log/messages:

---------------------
dbus: Can't send to audit system: USER_AVC pid=2711 uid=81 loginuid=-1 message=avc: 1 AV entries and 1/512 buckets used, longest chain length 1
---------------------

Users have complained that USB memory stick stopped being automounted and here is the error messages:

---------------------
...
Oct 15 10:46:11 apiucf4 kernel: usb 5-1: new full speed USB device using address 2
Oct 15 10:46:13 apiucf4 kernel: Initializing USB Mass Storage driver...
Oct 15 10:46:13 apiucf4 kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Oct 15 10:46:13 apiucf4 kernel: Vendor: Generic Model: PEN DISK Rev: 7.78
Oct 15 10:46:13 apiucf4 kernel: Type: Direct-Access ANSI SCSI revision: 02
Oct 15 10:46:13 apiucf4 kernel: SCSI device sdc: 256000 512-byte hdwr sectors (131 MB)
Oct 15 10:46:13 apiucf4 kernel: sdc: assuming drive cache: write through
Oct 15 10:46:13 apiucf4 kernel: sdc: sdc1
Oct 15 10:46:13 apiucf4 kernel: Attached scsi disk sdc at scsi2, channel 0, id 0, lun 0
Oct 15 10:46:13 apiucf4 kernel: usbcore: registered new driver usb-storage
Oct 15 10:46:13 apiucf4 kernel: USB Mass Storage support registered.
Oct 15 10:46:13 apiucf4 scsi.agent[4797]: disk at /devices/pci0000:00/0000:00:1d.3/usb5/5-1/5-1:1.0/host2/target2:0:0/2:0:0:0
Oct 15 10:46:14 apiucf4 fstab-sync[4856]: added mount point /media/PEN_DISK for /dev/sdc1
Oct 15 10:46:15 apiucf4 dbus: Can't send to audit system: USER_AVC pid=2824 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Oct 15 10:46:30 apiucf4 last message repeated 3 times
...
--------------------------

Thanks,
Bruce

*** This bug has been marked as a duplicate of 170064 ***

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0049.html
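
The denials quoted in this report can be triaged by grouping them per source type, target type and object class, which shows at a glance which permissions each confined domain was refused. The Python script below is an added example, not part of the original bug report or of any Red Hat tool; the function names are hypothetical, and SAMPLE_LOG is constructed from lines quoted in the report plus two non-denial lines to show they are skipped.

```python
import re
from collections import defaultdict

# Constructed sample: denial lines quoted in this report, plus two lines
# that are not denials (the AVC cache statistics and a kernel message).
SAMPLE_LOG = """\
avc: denied { create } for pid=8460 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:43): avc: denied { write } for pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:44): avc: denied { nlmsg_relay } for pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:45): avc: denied { read } for pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
dbus: Can't send to audit system: USER_AVC pid=2711 uid=81 loginuid=-1 message=avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Oct 15 10:46:13 apiucf4 kernel: sdc: sdc1
Oct 15 10:46:15 apiucf4 dbus: Can't send to audit system: USER_AVC pid=2824 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
"""

# "avc: denied { perm ... } for key=value ..." works for kernel AVC and
# userspace USER_AVC messages alike, whatever prefix syslog or auditd adds.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one denial as a dict, or None if the line is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: not enough to attribute the denial
    fields["perms"] = m.group("perms").split()
    return fields

def context_type(context):
    """Extract the type from a user:role:type[:range] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(log_text):
    """Map (source type, target type, class) to the sorted list of denied permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (context_type(rec["scontext"]), context_type(rec["tcontext"]), rec["tclass"])
            grouped[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt} : {cls} {{ {' '.join(perms)} }}")
```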