Bug 429915
| Summary: | AVC: updpwd_t should have dontaudit rule for access to terminals | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jochen Schmitt <jochen> | ||||
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 8 | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Current | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-03-05 22:17:23 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 293468 [details]
Patch to suppress audit messages when writting to ptys
Fixed in selinux-policy-3.0.8-82.fc8 Bugs have been in modified for over one month. Closing as fixed in current release please reopen if the problem still persists. |
Description of problem: I will get the following avc message. avc: denied { read write } for comm=unix_update dev=devpts egid=500 euid=0 exe=/sbin/unix_update exit=0 fsgid=500 fsuid=0 gid=500 items=0 name=2 pid=3784 scontext=system_u:system_r:updpwd_t:s0-s0:c0.c1023 sgid=500 subj=system_u:system_r:updpwd_t:s0-s0:c0.c1023 suid=0 tclass=chr_file tcontext=system_u:object_r:devpts_t:s0 tty=pts2 uid=0 The setroubleshoot tools explains, that there should be a dontaudit rule for daemons which try to access terminals.