Bug 440572

Summary: scim-bridge causing avc denials with scim-chewing and scim-python-pinyin
Product: [Fedora] Fedora Reporter: Jens Petersen <petersen>
Component: scim-bridgeAssignee: Peng Huang <phuang>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: dwalsh, eng-i18n-bugs, me, petersen
Target Milestone: ---Keywords: i18n
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-11 01:47:49 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 235705, 441177    
Attachments:
Description Flags
selinux_alert.txt none

Description Jens Petersen 2008-04-04 01:10:40 EDT 
Description of problem:
scim-bridge seems to be causing avc denials whenever IM is started under GNOME:
ie when the first gtk application using scim-bridge is started, when Chinese
IMEs are installed.

How reproducible:
every time

Steps to Reproduce:
1. sudo yum groupinstall chinese-support
2. start SCIM with im-chooser
2. restart desktop
3. press F2 or open a gtk or gnome application like gedit or gnome-terminal
  
Actual results:
3. avc denial and setroubleshooting star icon in notification area.

Expected results:
3. no selinux warning
Comment 1 Jens Petersen 2008-04-04 01:53:02 EDT 
Meant to add that this doesn't happen if scim-bridge is removed.
Comment 2 Jens Petersen 2008-04-04 01:55:18 EDT 
Created attachment 300387 [details]
selinux_alert.txt

(sorry the output is in Japanese)
Comment 3 Daniel Walsh 2008-04-04 17:43:08 EDT 
Looks like scim-bridge is leaking open file descriptors that ldconfig is looking at.

fcntl(fd, F_SETFD, FD_CLOEXEC)
Comment 4 Caius Chance 2008-04-06 23:37:50 EDT 
The file was denied access has same context as normal:

$ ll -Z /usr/share/chewing/us_freq.dat 
-rw-r--r--  root root system_u:object_r:usr_t:s0      
/usr/share/chewing/us_freq.dat

$ ll -Z /usr/share/scim-python/helper/__init__.py
-rw-r--r--  root root system_u:object_r:usr_t:s0      
/usr/share/scim-python/helper/__init__.py
Comment 5 Daniel Walsh 2008-04-08 08:50:54 EDT 
Yes but ldconfig would not try to access this file.  So the problem is someone
is leaking an open file descriptor to ldconfig, and SELinux checks the access on
the open file descriptor causing the AVC.
Comment 6 Jens Petersen 2008-04-11 01:47:49 EDT 
Hmm seems fixed in rawhide anyway.  Thanks
Comment 7 Jens Petersen 2008-04-11 01:48:15 EDT 
*** Bug 441177 has been marked as a duplicate of this bug. ***