Bug 188558
| Summary: | ctlinnd does not work in FC5 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tomasz Kepczynski <tomek> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5 | CC: | dwalsh |
| Target Milestone: | --- | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-03-28 20:06:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Have to add transition rules from uncofined_t to innd_t, Have done this in rawhide policy and will back port it in one week. selinux-policy-2.2.38-2 Closing bugs |
Description of problem: ctlinnd does not work in FC5 Version-Release number of selected component (if applicable): gklab-59-001:~# rpm -q selinux-policy-targeted inn selinux-policy-targeted-2.2.25-3.fc5 inn-2.4.2-4.2.1 How reproducible: Always Steps to Reproduce: 1. try: /usr/lib/news/bin/ctlinnd throttle '' with selinux enforcing 2. command hangs 3. try: /usr/lib/news/bin/ctlinnd throttle '' with selinux permissive 4. command works gklab-59-001:~# strace /usr/lib/news/bin/ctlinnd throttle '' execve("/usr/lib/news/bin/ctlinnd", ["/usr/lib/news/bin/ctlinnd", "throttle", ""], [/* 39 vars */]) = 0 ... ... kill(4414, SIG_0) = 0 sendto(3, "a\0!/var/run/news/ctlinndUQu4Rl\1r"..., 33, 0, {sa_family=AF_FILE, path="/var/run/news/control"}, 23) = 33 select(4, [3], NULL, NULL, {120, 0} ^^^^^^ Command hangs here gklab-59-001:~# ausearch -c innd ... ... ---- time->Tue Apr 11 08:39:29 2006 type=PATH msg=audit(1144737569.258:105): item=0 flags=1 inode=2427192 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 type=SOCKETCALL msg=audit(1144737569.258:105): nargs=6 a0=e a1=8d2fdb0 a2=11 a3=0 a4=bfad916a a5=1d type=SOCKADDR msg=audit(1144737569.258:105): saddr=01002F7661722F72756E2F6E6577732F63746C696E6E6455517534526C type=AVC_PATH msg=audit(1144737569.258:105): path="/var/run/news/ctlinndUQu4Rl" type=SYSCALL msg=audit(1144737569.258:105): arch=40000003 syscall=102 success=no exit=-13 a0=b a1=bfad5100 a2=75da14 a3=11 items=1 pid=4414 auid=43270 uid=9 gid=13 euid=9 suid=9 fsuid=9 egid=13 sgid=13 fsgid=13 comm="innd" exe="/usr/lib/news/bin/innd" type=AVC msg=audit(1144737569.258:105): avc: denied { sendto } for pid=4414 comm="innd" name="ctlinndUQu4Rl" scontext=user_u:system_r:innd_t:s0 tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=unix_dgram_socket