Bug 440572
Summary: | scim-bridge causing avc denials with scim-chewing and scim-python-pinyin | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jens Petersen <petersen> | ||||
Component: | scim-bridge | Assignee: | Peng Huang <phuang> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | rawhide | CC: | dwalsh, eng-i18n-bugs, K9, petersen | ||||
Target Milestone: | --- | Keywords: | i18n | ||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Last Closed: | 2008-04-11 05:47:49 UTC | Type: | --- | ||||
Bug Blocks: | 235705, 441177 | ||||||
Description
Jens Petersen
2008-04-04 05:10:40 UTC
Meant to add that this doesn't happen if scim-bridge is removed.

Created attachment 300387
selinux_alert.txt
(sorry the output is in Japanese)
Looks like scim-bridge is leaking open file descriptors that ldconfig is looking at.

    fcntl(fd, F_SETFD, FD_CLOEXEC)

The file that was denied access has the same context as normal:

    $ ll -Z /usr/share/chewing/us_freq.dat
    -rw-r--r-- root root system_u:object_r:usr_t:s0 /usr/share/chewing/us_freq.dat
    $ ll -Z /usr/share/scim-python/helper/__init__.py
    -rw-r--r-- root root system_u:object_r:usr_t:s0 /usr/share/scim-python/helper/__init__.py

Yes, but ldconfig would not try to access this file. So the problem is someone is leaking an open file descriptor to ldconfig, and SELinux checks the access on the open file descriptor, causing the AVC.

Hmm, seems fixed in rawhide anyway. Thanks

*** Bug 441177 has been marked as a duplicate of this bug. ***
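The leak discussed in the comments above, as an added example (not code from scim-bridge or from this bug report): a descriptor opened without close-on-exec is still open in a program started with fork and exec, and the `fcntl(fd, F_SETFD, FD_CLOEXEC)` call quoted above stops that. `set_cloexec` and `fd_survives_exec` are hypothetical helper names, and `/bin/sh` stands in for ldconfig as the exec'd program.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set close-on-exec on fd, keeping its other descriptor flags.
 * Returns 0 on success, -1 on error (hypothetical helper). */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* Fork and exec a shell that tests whether descriptor fd is open in the
 * new program. Returns 1 if it was inherited, 0 if it was closed at exec,
 * -1 on error. Limited to fd 3..9: some shells accept one digit after "<&". */
int fd_survives_exec(int fd)
{
    char script[32];
    int status;
    pid_t pid;
    if (fd < 3 || fd > 9)
        return -1;
    /* ": <&N" fails with "Bad file descriptor" when N is not open. */
    snprintf(script, sizeof script, ": <&%d", fd);
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    /* /dev/null is a stand-in for a data file the parent keeps open. */
    int fd = open("/dev/null", O_RDONLY);
    if (fd == -1)
        return 1;
    printf("before FD_CLOEXEC: inherited=%d\n", fd_survives_exec(fd));
    if (set_cloexec(fd) == -1)
        return 1;
    printf("after  FD_CLOEXEC: inherited=%d\n", fd_survives_exec(fd));
    return 0;
}
```

The shell prints a "Bad file descriptor" message to stderr in the second run, which is the expected sign that the descriptor was not inherited. Passing `O_CLOEXEC` to `open()` sets the flag at creation time, so there is no window between `open()` and `fcntl()` in which another thread can fork and exec.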