Bug 222179

Summary: tzdata-update prevented from searching /var/spool/postfix
Product: [Fedora] Fedora
Reporter: David Juran <djuran>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: 6
CC: dwalsh, mark, nsoranzo
Hardware: All
OS: Linux
Fixed In Version: selinux-policy-2.4.6-25
Doc Type: Bug Fix
Last Closed: 2007-06-11 11:40:01 UTC

Description David Juran 2007-01-10 19:22:47 UTC

Description of problem:
When updating glibc to -2.5-10.fc6, setroubleshoot popped up the following deny message:

avc: denied { search } for comm="tzdata-update" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/tzdata-update" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="postfix" pid=3865 scontext=user_u:system_r:tzdata_t:s0 sgid=0 subj=user_u:system_r:tzdata_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:postfix_spool_t:s0 tty=(none) uid=0 

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-17.fc6

How reproducible:
Always


Steps to Reproduce:
1. sudo rpm -Uvh glibc-* nscd-2.5-10.fc6.x86_64.rpm



Comment 1 Daniel Walsh 2007-01-10 20:51:50 UTC
Were you sitting in the /var/spool/postfix directory when you did the rpm?

Comment 2 Nicola Soranzo 2007-01-11 00:48:30 UTC
I saw the same and I was in my user home directory when I executed sudo yum update.

Comment 3 David Juran 2007-01-11 08:48:31 UTC
No, but on line 534 in ./glibc-2.5-20061008T1257/fedora/tzdata-update.c there is
a reference to /var/spool/postfix/etc/localtime. I'm not quite sure what
tzdata-update is supposed to be doing, but I suspect this line is causing the
denial. Now whether tzdata-update should be messing with postfix files or not is
another question...

Comment 4 Daniel Walsh 2007-01-11 13:17:15 UTC
Fixed in selinux-policy-2.4.6-25

Comment 5 Nicola Soranzo 2007-06-08 15:59:09 UTC
This bug should be closed!

Comment 6 David Juran 2007-06-11 11:40:01 UTC
Indeed.
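
Added example, not part of the original bug thread or of selinux-policy: a small Python triage helper that parses the AVC record from the description, reduces it to the source type, target type, class and permission, and checks whether the path named in Comment 3 would account for the denied directory name. The function names are hypothetical, and the two rule forms it prints are only the options a policy maintainer would weigh; the thread does not say which change selinux-policy-2.4.6-25 made.

```python
import errno
import re
from pathlib import PurePosixPath

# AVC record copied from the bug description above.
AVC = ('avc: denied { search } for comm="tzdata-update" dev=dm-0 egid=0 euid=0 '
       'exe="/usr/sbin/tzdata-update" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 '
       'name="postfix" pid=3865 scontext=user_u:system_r:tzdata_t:s0 sgid=0 '
       'subj=user_u:system_r:tzdata_t:s0 suid=0 tclass=dir '
       'tcontext=system_u:object_r:postfix_spool_t:s0 tty=(none) uid=0')

def parse_avc(line):
    """Split an AVC denial into its permission list and key=value fields."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError("not an AVC denial")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    fields = {k: v.strip('"') for k, v in pairs}
    fields["perms"] = m.group(1).split()
    # A context is user:role:type[:level]; policy rules name only the type.
    fields["stype"] = fields["scontext"].split(":")[2]
    fields["ttype"] = fields["tcontext"].split(":")[2]
    if "exit" in fields:  # negative errno returned by the failed syscall
        fields["errno"] = errno.errorcode.get(-int(fields["exit"]), "?")
    return fields

def candidate_rules(d):
    """Rule text for this denial in both the allow and the dontaudit form."""
    perms = d["perms"][0] if len(d["perms"]) == 1 else "{ " + " ".join(d["perms"]) + " }"
    body = f'{d["stype"]} {d["ttype"]}:{d["tclass"]} {perms};'
    return {"allow": "allow " + body, "dontaudit": "dontaudit " + body}

def path_explains(d, path):
    """True if `path` walks through a directory whose name matches the denial."""
    return d["tclass"] == "dir" and d["name"] in PurePosixPath(path).parts[:-1]

if __name__ == "__main__":
    d = parse_avc(AVC)
    print(d["comm"], d["stype"], "->", d["ttype"], d["tclass"], d["perms"], d["errno"])
    for rule in candidate_rules(d).values():
        print(rule)
    # Path taken from Comment 3 of this bug.
    print(path_explains(d, "/var/spool/postfix/etc/localtime"))
```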