Bug 428849

Summary: selinux prevents /sbin/killall5 xdm_t sys_ptrace
Product: [Fedora] Fedora Reporter: Juha Tuomala <tuju>
Component: xorg-x11-xdmAssignee: Søren Sandmann Pedersen <sandmann>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 8CC: dwalsh, kem, pertusus, xgl-maint
Target Milestone: ---Keywords: SELinux
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-14 09:17:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Juha Tuomala 2008-01-15 16:36:44 UTC 
Additional Information        

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Affected RPM Packages         sysvinit-2.86-18 [application]
Policy RPM                    selinux-policy-3.0.8-64.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall
Host Name                     xxxxxxxxxxx
Platform                      Linux xxxxxxxxxxxx 2.6.23.8-63.fc8 #1 SMP Wed
                              Nov 21 17:56:40 EST 2007 x86_64 x86_64
Alert Count                   2
First Seen                    Thu 20 Dec 2007 12:50:52 PM EET
Last Seen                     Thu 20 Dec 2007 12:50:52 PM EET
Local ID                      74c90cf0-1a9f-421c-b9f9-15d03076b4ba
Line Numbers                  

Raw Audit Messages            

avc: denied { sys_ptrace } for comm=pidof egid=0 euid=0 exe=/sbin/killall5
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=7577
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=0 tclass=capability
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tty=(none) uid=0



Version-Release number of selected component (if applicable):
# rpm -qf /usr/bin/xdm
xorg-x11-xdm-1.1.6-2.fc8
Comment 1 Juha Tuomala 2008-01-15 16:37:35 UTC 
*** Bug 428848 has been marked as a duplicate of this bug. ***
Comment 2 Daniel Walsh 2008-01-24 18:42:45 UTC 
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-82.fc8
Comment 3 Patrice Dumas 2008-06-14 08:03:11 UTC 
Does this bug need testing or should it simply be closed?
Comment 4 Juha Tuomala 2008-06-14 09:02:07 UTC 
i'll reopen it if needed so please close.