Bug 439018
| Summary: | tcpdump causes avc messages when running autofs regression tests | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Jeff Moyer <jmoyer> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | 5.1 | CC: | ebenes, ikent |
| Target Milestone: | rc | Keywords: | Reopened |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Fixed In Version: | RHBA-2008-0465 | Doc Type: | Bug Fix |
| Last Closed: | 2008-05-21 16:43:19 UTC | Type: | --- |
Description
Jeff Moyer
2008-03-26 15:48:40 UTC
Fixed in selinux-policy-2.4.6-128.el5

Re-running the tests, we now get the following:

```
/sbin/ausearch -sv no -m AVC -m USER_AVC -m SELINUX_ERR -ts 4/17/2008 10:2:20
----
time->Thu Apr 17 10:02:39 2008
type=SYSCALL msg=audit(1208440959.733:19): arch=40000003 syscall=5 success=no exit=-13 a0=abeb64 a1=0 a2=99f264 a3=80d2a00 items=0 ppid=3006 pid=3328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208440959.733:19): avc: denied { search } for pid=3328 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 10:03:11 2008
type=SYSCALL msg=audit(1208440991.000:22): arch=40000003 syscall=5 success=no exit=-13 a0=614b64 a1=0 a2=4f5264 a3=80d2a00 items=0 ppid=3006 pid=3614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208440991.000:22): avc: denied { search } for pid=3614 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 10:03:18 2008
type=SYSCALL msg=audit(1208440998.410:25): arch=40000003 syscall=5 success=no exit=-13 a0=692b64 a1=0 a2=573264 a3=80d2a00 items=0 ppid=3006 pid=3695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208440998.410:25): avc: denied { search } for pid=3695 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 10:03:49 2008
type=SYSCALL msg=audit(1208441029.568:28): arch=40000003 syscall=5 success=no exit=-13 a0=489b64 a1=0 a2=36a264 a3=80d2a00 items=0 ppid=3006 pid=3985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208441029.568:28): avc: denied { search } for pid=3985 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
```

One more time.

Fixed in selinux-policy-2.4.6-132.el5

(In reply to comment #8)
> One more time.
>
> Fixed in selinux-policy-2.4.6-132.el5

Did you actually test this? I'm still seeing problems:

```
/sbin/ausearch -sv no -m AVC -m USER_AVC -m SELINUX_ERR -ts 4/17/2008 12:1:33
----
time->Thu Apr 17 12:01:54 2008
type=SYSCALL msg=audit(1208448114.667:19): arch=40000003 syscall=5 success=no exit=-13 a0=234b64 a1=0 a2=115264 a3=80d2a00 items=0 ppid=3722 pid=4058 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208448114.667:19): avc: denied { search } for pid=4058 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 12:02:26 2008
type=SYSCALL msg=audit(1208448146.387:22): arch=40000003 syscall=5 success=no exit=-13 a0=bd8b64 a1=0 a2=ab9264 a3=80d2a00 items=0 ppid=3722 pid=4346 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208448146.387:22): avc: denied { search } for pid=4346 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 12:02:32 2008
type=SYSCALL msg=audit(1208448152.988:25): arch=40000003 syscall=5 success=no exit=-13 a0=234b64 a1=0 a2=115264 a3=80d2a00 items=0 ppid=3722 pid=4427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208448152.988:25): avc: denied { search } for pid=4427 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 12:03:01 2008
type=SYSCALL msg=audit(1208448181.804:28): arch=40000003 syscall=5 success=no exit=-13 a0=367b64 a1=0 a2=248264 a3=80d2a00 items=0 ppid=3722 pid=4691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208448181.804:28): avc: denied { search } for pid=4691 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
```

```
selinux-policy 2.4.6 132.el5 noarch
selinux-policy-targeted 2.4.6 132.el5 noarch
```

If by test you mean actually make sure the patch was applied to the package no. Sorry... 133 will have the patch.

As far as testing SELinux fixes, I usually rely on the reporter to check, since I do not have the environment to test.

OK, I've verified that -133 fixes the issue in my test environment. Thanks!

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0465.html