Bug 187958
| Summary: | SELinux blocks ping redirect to file | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matthew Saltzman <mjs> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5 | CC: | dwalsh |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-05-05 15:04:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Unconfined should not be transitioning to ping_t so this has been removed from selinux-policy-targeted-2.2.29-3.fc5 Closing as these have been marked as modified, for a while. Feel free to reopen if not fixed |
Description of problem: SELinux prevents "ping ... > foo". The file foo is created, but no lines are written. An AVC is generated: kernel: audit(1144078487.621:723): avc: denied { ioctl } for pid=22278 comm="ping" name="foo" dev=dm-0 ino=65693 scontext=user_u:system_r:ping_t:s0-s0:c0.c255 tcontext=user_u:object_r:user_home_t:s0 tclass=file Version-Release number of selected component (if applicable): selinux-policy-targeted-2.2.25-3.fc5 How reproducible: Always Steps to Reproduce: 1. ping www.redhat.com > foo 2. Wait a few secs. 3. Actual results: Described above. Expected results: Results of ping written to file Additional info: ping output to console works fine. Redirect is blocked for root as well as normal users. "ping | cat > foo" is a workaround.