Bug 433092
Summary: | SELinux and groupadd/groupdel | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ignacio Vazquez-Abrams <ivazqueznet> |
Component: | selinux-policy | Assignee: | Josef Kubin <jkubin> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 7 | ||
Hardware: | All | ||
OS: | Linux | ||
Doc Type: | Bug Fix | ||
Last Closed: | 2008-02-26 22:54:32 UTC | ||
Description
Ignacio Vazquez-Abrams
2008-02-16 06:16:40 UTC
Please send me the name of the offending package; I would like to reproduce it. Thank you.

This is happening because you are sitting in the homedir when you execute your update command. When you install a package via RPM, rpm transitions to `rpm_t`, and when it executes groupadd it transitions to `groupadd_t`; the C library then does a getcwd when the executable starts, generating the AVC. If you `cd /` before running rpm or yum, this AVC will not happen. It can safely be ignored.

And that means creating a don't audit rule, right?

Works for me.

Well, you can't really create a dontaudit rule for every possible directory you would run this in. We could add an `allow domain file_type:dir getattr;` or `dontaudit domain file_type:dir getattr` and eliminate them that way. I will allow this in rawhide.
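
The AVC pattern described in the comments above (a lone `getattr` on a directory, raised from `groupadd_t` because of the working directory) can be separated from denials that still need review. The Python triage helper below is an added example, not part of the bug thread or of selinux-policy; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1203142600.101:45): avc:  denied  { getattr } for  pid=2301 comm="groupadd" path="/home/alice" dev=dm-0 ino=131073 scontext=root:system_r:groupadd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1203142655.310:52): avc:  denied  { getattr } for  pid=2417 comm="groupdel" path="/tmp/build" dev=dm-0 ino=98310 scontext=root:system_r:groupadd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1203142701.008:60): avc:  denied  { write } for  pid=2502 comm="groupadd" name="group" dev=dm-0 ino=4711 scontext=root:system_r:groupadd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = set(m.group("perms").split())
    # An SELinux context is user:role:type[:level]; the type is the third field.
    for key in ("scontext", "tcontext"):
        rec[key + "_type"] = rec[key].split(":")[2]
    return rec


def is_dir_getattr_only(rec):
    """Heuristic for the getcwd-style denial: only getattr, only on a directory."""
    return rec["perms"] == {"getattr"} and rec["tclass"] == "dir"


def triage(log_text):
    """Split denials into directory-getattr noise (grouped by domain) and the rest."""
    noise = defaultdict(set)   # source type -> set of target directory types
    review = []                # every other denial, kept for a human to read
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        if is_dir_getattr_only(rec):
            noise[rec["scontext_type"]].add(rec["tcontext_type"])
        else:
            review.append(rec)
    return dict(noise), review


if __name__ == "__main__":
    noise, review = triage(SAMPLE_LOG)
    for domain, targets in noise.items():
        print(domain, "getattr on dir types:", sorted(targets))
    print("needs review:", [(r["comm"], sorted(r["perms"]), r["tclass"]) for r in review])
```

Grouping the target types per source domain shows how the set of directory types grows with wherever the command was run, which is the scaling problem raised in the last comment.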