Bug 169999

Summary: avc: denied { create } for pid=8460 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
Product: Red Hat Enterprise Linux 4
Reporter: Peter Bieringer <pb>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: 4.0
CC: wilksen
Keywords: Regression
Hardware: All
OS: Linux
Fixed In Version: RHBA-2006-0049
Doc Type: Bug Fix
Last Closed: 2006-03-07 18:11:37 UTC
Bug Blocks: 168429

Description Peter Bieringer 2005-10-06 11:58:43 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

Description of problem:
The message above was found in the log.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.110

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to RHEL4U2
2. restart nscd
  

Actual Results:  log line:
audit(1128599883.598:7): avc:  denied  { create } for  pid=9407 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket


Expected Results:  No such log line


Additional info:

System is fresh relabeled.

BTW: impact to proper work of nscd is currently unknown, because system is running in state "permissive" at the moment (digging into another issue...).

Comment 1 Peter Bieringer 2005-10-06 12:08:46 UTC
After a fresh loading of the policy (changed a boolean to solve another problem),
the following occurs in the log:

audit(1128600569.610:43): avc:  denied  { write } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:44): avc:  denied  { nlmsg_relay } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:45): avc:  denied  { read } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket


Comment 2 wilksen 2005-10-06 21:18:17 UTC
Confirmed here. This apparently affects also NetworkManager working correctly
which did function before upgrading to RHEL4 U2. I do see the same audit logs
when starting NetworkManager. 

Comment 3 Daniel Walsh 2005-10-07 20:50:57 UTC
Fixed in selinux-policy-targeted-1.17.30-2.113

Available for test at ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3

Comment 4 Shing-Shong Shei 2005-10-15 16:42:59 UTC
This is probably related to the selinux policy change. I noticed the
following error in /var/log/messages:

---------------------
dbus: Can't send to audit system: USER_AVC pid=2711 uid=81 loginuid=-1 message=avc:  1 AV entries and 1/512 buckets used, longest chain length 1
---------------------

Users have complained that USB memory sticks stopped being automounted,
and here are the error messages:

---------------------
...
Oct 15 10:46:11 apiucf4 kernel: usb 5-1: new full speed USB device using address 2
Oct 15 10:46:13 apiucf4 kernel: Initializing USB Mass Storage driver...
Oct 15 10:46:13 apiucf4 kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Oct 15 10:46:13 apiucf4 kernel:   Vendor: Generic   Model: PEN DISK         Rev: 7.78
Oct 15 10:46:13 apiucf4 kernel:   Type:   Direct-Access                     ANSI SCSI revision: 02
Oct 15 10:46:13 apiucf4 kernel: SCSI device sdc: 256000 512-byte hdwr sectors (131 MB)
Oct 15 10:46:13 apiucf4 kernel: sdc: assuming drive cache: write through
Oct 15 10:46:13 apiucf4 kernel:  sdc: sdc1
Oct 15 10:46:13 apiucf4 kernel: Attached scsi disk sdc at scsi2, channel 0, id 0, lun 0
Oct 15 10:46:13 apiucf4 kernel: usbcore: registered new driver usb-storage
Oct 15 10:46:13 apiucf4 kernel: USB Mass Storage support registered.
Oct 15 10:46:13 apiucf4 scsi.agent[4797]: disk at /devices/pci0000:00/0000:00:1d.3/usb5/5-1/5-1:1.0/host2/target2:0:0/2:0:0:0
Oct 15 10:46:14 apiucf4 fstab-sync[4856]: added mount point /media/PEN_DISK for /dev/sdc1
Oct 15 10:46:15 apiucf4 dbus: Can't send to audit system: USER_AVC pid=2824 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Oct 15 10:46:30 apiucf4 last message repeated 3 times
...
--------------------------

Thanks,
Bruce
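
Added example (not part of the original report and not Red Hat's tooling): a Python triage script that parses the AVC denials quoted in the description, comment 1 and comment 4, groups the denied permissions by source type, target type and object class, and renders each group as the allow rule it corresponds to, much as audit2allow groups denials. The function names are hypothetical, and the rules are candidates to compare against the fixed policy package, not policy to load as-is.

```python
import re
from collections import defaultdict

# Log lines copied from this report and unwrapped; the last two come from
# comment 4 (a dbus USER_AVC denial and an AVC cache statistics line).
SAMPLE = """\
audit(1128599883.598:7): avc:  denied  { create } for  pid=9407 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:43): avc:  denied  { write } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:44): avc:  denied  { nlmsg_relay } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:45): avc:  denied  { read } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
Oct 15 10:46:15 apiucf4 dbus: Can't send to audit system: USER_AVC pid=2824 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
dbus: Can't send to audit system: USER_AVC pid=2711 uid=81 loginuid=-1 message=avc:  1 AV entries and 1/512 buckets used, longest chain length 1
"""

DENIAL_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denial(line):
    """Return (source_type, target_type, tclass, perms) or None for non-denials."""
    m = DENIAL_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # Context is user:role:type[:level]; the type is always the third part.
    stype = fields["scontext"].split(":")[2]
    ttype = fields["tcontext"].split(":")[2]
    return stype, ttype, fields["tclass"], m.group(1).split()

def summarize(text):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(list)
    for rec in filter(None, map(parse_denial, text.splitlines())):
        stype, ttype, tclass, perms = rec
        seen = grouped[(stype, ttype, tclass)]
        seen.extend([p for p in perms if p not in seen])
    return dict(grouped)

def candidate_rules(grouped):
    """Render each group as an allow rule for review; 'self' when types match."""
    return [
        f"allow {s} {'self' if s == t else t}:{c} {{ {' '.join(p)} }};"
        for (s, t, c), p in grouped.items()
    ]

if __name__ == "__main__":
    for rule in candidate_rules(summarize(SAMPLE)):
        print(rule)
```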

Comment 5 Daniel Walsh 2005-10-15 17:00:01 UTC

*** This bug has been marked as a duplicate of 170064 ***

Comment 8 Red Hat Bugzilla 2006-03-07 18:11:37 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0049.html