Bug 374761

Summary: policycoreutils tries to relabel proc fs (named/chroot)
Product: [Fedora] Fedora
Reporter: Doncho Gunchev <dgunchev>
Component: policycoreutils
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: 8
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-11-12 19:55:02 UTC

Description Doncho Gunchev 2007-11-10 15:39:01 UTC
Description of problem:
During yum update I got this stating that restorecon is trying getattr 
on /var/named/chroot/proc/3680/task/3680/fd/0.

Version-Release number of selected component (if applicable):
policycoreutils-2.0.31-7.fc8

How reproducible:
didn't try

Steps to Reproduce:
1. Install FC8-t3
2. Update to FC8 via yum

Actual results:
AVC message:
avc: denied { getattr } for comm=restorecon dev=proc 
path=/var/named/chroot/proc/3680/task/3680/fd/0 pid=17909 
scontext=system_u:system_r:setfiles_t:s0 tclass=lnk_file 
tcontext=system_u:system_r:inetd_t:s0 


Expected results:
I think restorecon should not touch proc (sysfs?) file systems. If it should 
however, then this ability should be granted by the policy.

Additional info:
I'm running FC8 in permissive SELinux mode, 
selinux-policy-targeted-3.0.8-44.fc8.

Comment 1 Daniel Walsh 2007-11-12 19:55:02 UTC
I don't understand this since it is showing a symbolic link labeled inetd_t?

I have a feeling this would not have happened in enforcing mode, so I am going
to close won't fix.
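
As an added example (not part of the bug report and not code from policycoreutils): a small Python triage helper that parses an AVC denial like the one in the description and flags records where the relabeling domain (setfiles_t) touched a pseudo-filesystem, returning the nested mount point. The function names, the sysfs entry and the second sample record are assumptions constructed for illustration.

```python
import re

# Device names to flag: proc is from the report; sysfs is the reporter's guess.
PSEUDO_FS = {"proc", "sysfs"}
# Domain of restorecon in the reported AVC (the type field of scontext).
RELABEL_DOMAIN = "setfiles_t"

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)", re.S)
FIELD_RE = re.compile(r"(\w+)=(\"[^\"]*\"|\S+)")


def parse_avc(record):
    """Parse one AVC denial (possibly wrapped over several lines) into a dict."""
    m = AVC_RE.search(" ".join(record.split()))
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type:level; keep the type for matching.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        fields[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return fields


def relabel_on_pseudo_fs(fields):
    """Return the nested mount point if a relabel tool touched proc/sysfs, else None."""
    if not fields or fields["scontext_type"] != RELABEL_DOMAIN:
        return None
    if fields.get("dev") not in PSEUDO_FS:
        return None
    # A path such as <chroot>/proc/<pid>/... means proc is mounted inside a chroot.
    m = re.match(r"(.*/proc)/\d+/", fields.get("path", ""))
    return m.group(1) if m else fields.get("path", "<unknown>")


# AVC record copied from the bug report (line-wrapped as reported).
REPORTED = """avc: denied { getattr } for comm=restorecon dev=proc
path=/var/named/chroot/proc/3680/task/3680/fd/0 pid=17909
scontext=system_u:system_r:setfiles_t:s0 tclass=lnk_file
tcontext=system_u:system_r:inetd_t:s0"""
# Constructed record for contrast: an unrelated denial on a regular filesystem.
CONSTRUCTED = ('avc: denied { read } for comm="httpd" dev=sda1 path="/srv/data" '
               'scontext=system_u:system_r:httpd_t:s0 tclass=file '
               'tcontext=system_u:object_r:default_t:s0')

if __name__ == "__main__":
    for rec in (REPORTED, CONSTRUCTED):
        print(relabel_on_pseudo_fs(parse_avc(rec)))
```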