Bug 237391

Summary: AVC on boot: accessing /etc/audit
Product: [Fedora] Fedora
Reporter: Tom London <selinux>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: rawhide
CC: dwalsh, kzak
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2007-04-24 16:18:29 UTC

Description Tom London 2007-04-21 19:51:19 UTC
Description of problem:
Get this (in /var/log/messages) booting latest rawhide:

Apr 21 09:35:55 localhost kernel: audit(1177173338.205:7): avc:  denied  { search } for  pid=1759 comm="readahead" name="audit" dev=dm-0 ino=11076215 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir

/etc/readahead.d/early.sorted has:

448 /etc/audit/auditd.conf


Version-Release number of selected component (if applicable):
readahead-1.4.1-2.fc7

How reproducible:
every time


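The denial quoted in the description, taken apart field by field and matched against a readahead list, as an added example that is not part of the original report. `SAMPLE_LIST` is constructed (only the auditd.conf entry comes from the report), and the `/etc` parent directory is an assumption taken from the bug summary, since the AVC record carries only the directory's last path component.

```python
import re

# The denial from the report above, rejoined onto one line.
SAMPLE = ('Apr 21 09:35:55 localhost kernel: audit(1177173338.205:7): avc:  denied  { search } '
          'for  pid=1759 comm="readahead" name="audit" dev=dm-0 ino=11076215 '
          'scontext=system_u:system_r:readahead_t:s0 '
          'tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir')
# Constructed stand-in for /etc/readahead.d/early.sorted; only the
# auditd.conf entry is from the report, the other two are made up.
SAMPLE_LIST = "120 /etc/fstab\n448 /etc/audit/auditd.conf\n512 /etc/passwd\n"

AVC_RE = re.compile(
    r'audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s+avc:\s+(?P<result>denied|granted)\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict describing one kernel AVC message, or None if not AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    # A context is user:role:type[:level]; the type is the third field.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec

def summarize(rec):
    """Render the access vector in policy-rule notation for triage."""
    perms = rec['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"{rec['source_type']} {rec['target_type']}:{rec['tclass']} {p}"

def entries_under(list_text, rec, parent='/etc'):
    """Readahead-list paths that pass through the denied directory.

    The AVC only gives the directory's last component (name=), so the
    parent directory is an assumption supplied by the caller.
    """
    prefix = f"{parent.rstrip('/')}/{rec['name']}/"
    paths = (l.split(None, 1)[1].strip() for l in list_text.splitlines() if ' ' in l)
    return [p for p in paths if p.startswith(prefix)]

if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(summarize(rec), entries_under(SAMPLE_LIST, rec))
```

The summary string names the access vector that was refused; it is a triage aid and not the change that shipped in the policy package.
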
Comment 1 Karel Zak 2007-04-23 12:13:04 UTC
Hmm... the readahead should be able to read all files that the system uses during boot.

Note there are a few files (like /var/lib/random-seed) that will be removed from
the default readahead lists in the next update, because these files are from
very early boot time (time before /etc/init.d/readahead_early execution).

But the file /etc/audit/auditd.conf definitely belongs to the readahead list.

Comment 2 Tom London 2007-04-24 16:09:47 UTC
Seems to be gone with selinux-policy-targeted-2.6.1-1.fc7

Didn't see anything in the changelog.

Close?

Comment 3 Daniel Walsh 2007-04-24 16:18:29 UTC
Sorry, must have missed this change.