Bug 183387
Summary: | SELinux breaks ps | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ron Yorston <rmy> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | Severity: | medium |
Priority: | medium | Version: | 5 |
Hardware: | All | OS: | Linux |
CC: | deisenst, jmorris, rcoker, sdsmall | Doc Type: | Bug Fix |
Fixed In Version: | selinux-policy-2.2.23-15 | Last Closed: | 2006-03-04 15:37:55 UTC |
Description
Ron Yorston
2006-02-28 19:47:03 UTC
This is intended behaviour and part of SELinux with MCS policy. If you want a user to be able to see these processes you could set them up with the privs to read them:

    semanage login -m -r s0-SystemHigh Login

I'm not sure that is an intentional behavior for MCS, which is discretionary and primarily file-oriented. Likely just an inadvertent side effect of the constraints on file access, since the attempt to access /proc/pid entries will look like an attempt to access a file with the categories of that process. Possibly that constraint should have an exception for t2 == domain, i.e. file has a domain label thereby implying a proc file?

Fixed in selinux-policy-2.2.23-15
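
The constraint discussed in the comments above, as an added example that is not part of the bug report or of the selinux-policy source: a simplified Python model of an MCS read check (the source's high level must dominate the target's), with the suggested `t2 == domain` exception as a switch. The labels, the type sets and the `s0-s0:c0.c255` range are constructed sample values, and the function names are hypothetical.

```python
# Simplified model of an MCS read constraint; NOT the text of selinux-policy.

def parse_level(level):
    """Parse 's0:c1,c3.c5' into (sensitivity, frozenset of category numbers)."""
    sens, _, cats = level.partition(":")
    numbers = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")          # 'c3.c5' is the range c3..c5
        first = int(lo[1:])
        last = int(hi[1:]) if hi else first
        numbers.update(range(first, last + 1))
    return int(sens[1:]), frozenset(numbers)


def high_level(mls_range):
    """Upper bound of 'low-high'; a single level is its own upper bound."""
    return parse_level(mls_range.rpartition("-")[2])


def dominates(a, b):
    """a dom b: sensitivity at least as high and categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]


def may_read(source_range, target_range, target_type, domain_types, proc_exception):
    """h1 dom h2, optionally OR'd with the proposed 't2 == domain' exception."""
    if dominates(high_level(source_range), high_level(target_range)):
        return True
    # A target carrying a domain (process) type implies a /proc/<pid> entry.
    return bool(proc_exception and target_type in domain_types)


# Constructed sample data (assumptions, not taken from the bug report).
DOMAIN_TYPES = {"httpd_t", "unconfined_t"}       # types that label processes
CASES = [
    # (who reads,      target label, target type)
    ("s0",             "s0:c5",      "httpd_t"),      # ps reading /proc/<pid>
    ("s0",             "s0:c5",      "user_home_t"),  # ordinary categorized file
    ("s0-s0:c0.c255",  "s0:c5",      "httpd_t"),      # login with a widened range
]

if __name__ == "__main__":
    for src, tgt, ttype in CASES:
        before = may_read(src, tgt, ttype, DOMAIN_TYPES, proc_exception=False)
        after = may_read(src, tgt, ttype, DOMAIN_TYPES, proc_exception=True)
        print(f"{src:15} -> {ttype:12} {tgt:6} before={before} after={after}")
```

With the exception enabled, only the domain-labelled target becomes readable to the `s0` user; the categorized regular file stays protected.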