Bug 270041

Summary: SELinux is preventing /sbin/killall5 (dhcpc_t) "ptrace" to (dhcpc_t)
Product: [Fedora] Fedora Reporter: Robert Staaf <rstaaf>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: 7Keywords: Reopened
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Current Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-30 19:19:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Staaf 2007-08-31 02:57:26 UTC
Description of problem:SELinux denied access requested by /sbin/killall5. It is
not expected that this access is required by /sbin/killall5 and this access may
signal an intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.


Version-Release number of selected component (if applicable):
selinux-policy-2.6.4-38.fc7

How reproducible:
Just turn on the machine, 696 alerts since the policy was updated 2 days ago.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Daniel Walsh 2007-08-31 10:02:09 UTC
Looks like this is fixed.  Please yum update selinux-policy

Comment 2 Robert Staaf 2007-08-31 10:19:46 UTC
I am running selinux-policy-2.6.4-38.fc7 with was released 8/23 and from 
looking in updates on the mirrors there does not appear to be a newer 
release????

Comment 3 Daniel Walsh 2007-09-01 11:16:24 UTC
I released 40 this week, but the Release engineers might not have pushed it yet.
 It might still be in fedora-testing.  

Comment 4 Robert Staaf 2007-09-02 11:54:45 UTC
I went ahead and updated from testing to get 40 and have to say I am still 
getting the same messages.

SELinux is preventing /sbin/killall5 (dhcpc_t) "ptrace" to (dhcpc_t)
and
SELinux is preventing ntpd (dhcpc_t) "getattr" to /var/run/ntpd.pid

Comment 5 Robert Staaf 2007-09-04 10:41:21 UTC
Last night I did a completely fresh Network Install of F7 completely wiping out
the previous installation.  After all the updates to my dismay these two
sealerts are back.  

SELinux is preventing /sbin/killall5 (dhcpc_t) "ptrace" to (dhcpc_t)
and
SELinux is preventing ntpd (dhcpc_t) "getattr" to /var/run/ntpd.pid

Maybe there are gremlins in my machine but neither a fresh install or updating
to 40 from testing gets ride of these alerts for me...

Comment 6 Daniel Walsh 2007-09-04 15:16:48 UTC
Please attach your /var/log/audit/audit.log

Comment 7 Daniel Walsh 2007-09-04 15:21:54 UTC
That is because I lied.

I will put a fix in 41.



Comment 8 Daniel Walsh 2007-09-04 15:45:52 UTC
I looked at dhcpd_t policy instead of dhcpc_t policy.

Fixed in selinux-policy-2.6.4-41

Comment 9 Robert Staaf 2007-09-17 15:38:51 UTC
Any idea on a release for this fix?  I notice 41 was not released and 42 is in
testing.

Comment 10 Daniel Walsh 2007-09-17 18:50:29 UTC
Requiest has been made to push it to stable, so it should get out soon.

Comment 11 Daniel Walsh 2008-01-30 19:19:47 UTC
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.