Bug 440326
Summary: | SELinux is preventing /usr/bin/nmap (traceroute_t) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Suman Chakrabarty <chakrabarty.suman> |
Component: | selinux-policy | Assignee: | Josef Kubin <jkubin> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | low |
Version: | 8 | CC: | tsmetana |
Hardware: | x86_64 | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2008-04-11 12:30:22 UTC |
Description
Suman Chakrabarty
2008-04-02 20:09:15 UTC
I'm getting different AVC messages:

avc: denied { search } for comm=nmap dev=sda2 egid=0 euid=0 exe=/usr/bin/nmap exit=-2 fsgid=0 fsuid=0 gid=0 items=0 name=root pid=13741 scontext=unconfined_u:system_r:traceroute_t:s0 sgid=0 subj=unconfined_u:system_r:traceroute_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:user_home_dir_t:s0 tty=pts1 uid=0

avc: denied { search } for comm=nmap dev=sda2 egid=0 euid=0 exe=/usr/bin/nmap exit=-2 fsgid=0 fsuid=0 gid=0 items=0 name=selinux pid=13839 scontext=unconfined_u:system_r:traceroute_t:s0 sgid=0 subj=unconfined_u:system_r:traceroute_t:s0 suid=0 tclass=dir tcontext=unconfined_u:object_r:user_home_t:s0 tty=pts1 uid=0

avc: denied { search } for comm=nmap dev=sda2 name=libexec pid=13839 scontext=unconfined_u:system_r:traceroute_t:s0 tclass=dir tcontext=system_u:object_r:bin_t:s0

I've prepared a selinux module and will check it with our selinux gurus for approval... However, I could not reproduce your exact AVC on my system (with the same selinux-policy version).

Please update to the latest selinux policy and try to collect all the AVC messages in permissive mode (setenforce 0) and attach them here. Thanks.

Try to test my latest packages fixing your problem with tcp_socket: http://people.redhat.com/jkubin/selinux/F8/

Thank you for your feedback!

(In reply to comment #2)
> Please update to the latest selinux policy and try to collect all the AVC
> messages in permissive mode (setenforce 0) and attach them here. Thanks.

It seems the problem has been solved in the latest version of selinux policy. I had a complete update of my system and I do not see this message even with selinux in enforcing mode (setenforce 1). Thanks for your effort.
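A triage helper for the denials quoted in this report, added here as an example (it is not part of the bug report or of selinux-policy): it parses AVC records, groups them by source type, target type and object class, and renders each group in policy `allow` syntax so the set of accesses nmap attempted under `traceroute_t` can be reviewed at a glance. The function names are hypothetical; the sample records are the three from the report.

```python
import re
from collections import defaultdict

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # audit.log quotes some values

# The three denials quoted in this report, one record per line.
REPORT_AVCS = """\
avc: denied { search } for comm=nmap dev=sda2 egid=0 euid=0 exe=/usr/bin/nmap exit=-2 fsgid=0 fsuid=0 gid=0 items=0 name=root pid=13741 scontext=unconfined_u:system_r:traceroute_t:s0 sgid=0 subj=unconfined_u:system_r:traceroute_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:user_home_dir_t:s0 tty=pts1 uid=0
avc: denied { search } for comm=nmap dev=sda2 egid=0 euid=0 exe=/usr/bin/nmap exit=-2 fsgid=0 fsuid=0 gid=0 items=0 name=selinux pid=13839 scontext=unconfined_u:system_r:traceroute_t:s0 sgid=0 subj=unconfined_u:system_r:traceroute_t:s0 suid=0 tclass=dir tcontext=unconfined_u:object_r:user_home_t:s0 tty=pts1 uid=0
avc: denied { search } for comm=nmap dev=sda2 name=libexec pid=13839 scontext=unconfined_u:system_r:traceroute_t:s0 tclass=dir tcontext=system_u:object_r:bin_t:s0
"""

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a usable AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type[:level]; policy rules are written on the type.
    src, tgt = fields["scontext"].split(":"), fields["tcontext"].split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None
    fields.update(stype=src[2], ttype=tgt[2], perms=m.group(1).split())
    return fields

def summarize(text):
    """Group denials by (source type, target type, class); collect perms and object names."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in text.splitlines():
        avc = parse_avc(line)
        if avc:
            g = groups[(avc["stype"], avc["ttype"], avc["tclass"])]
            g["perms"].update(avc["perms"])
            g["names"].add(avc.get("name", "?"))
    return dict(groups)

def to_rules(groups):
    """Render each group in policy 'allow' syntax, sorted, for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(groups.items())]

if __name__ == "__main__":
    for rule in to_rules(summarize(REPORT_AVCS)):
        print(rule)
```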