Bug 443286

Summary: tmpwatch: 3* denieds for tex|dvips|pdftex after initial boot anacron run
Product: [Fedora] Fedora Reporter: David Timms <dtimms>
Component: texliveAssignee: Jindrich Novy <jnovy>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: pertusus, pknirsch, tuju
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-06 02:53:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
1 of 3 avc's against dvips
none
2 of 3 avc's against pdftex
none
3 of 3 avc's against tex none

Description David Timms 2008-04-20 08:02:59 UTC 
Description of problem:
The following attached avc's for tmpwatch against tex, dvips, pdftex where noted
on a F9Preview fresh install.

Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-35.fc9.noarch
selinux-policy-targeted-3.3.1-35.fc9.noarch
texlive-2007-28.fc9.i386
texlive-texmf-dvips-2007-20.fc9.noarch
texlive-texmf-fonts-2007-20.fc9.noarch

How reproducible:
Tried running cron.daily scripts to check wheich one, but didn't regenerate the avc.

Steps to Reproduce:
1. f9preview install {default selections}
2. boot it.
3. after 92mins, 
  
Actual results:
the 3x avc's are noted.

Expected results:
-

Additional info:
since updated to koji:
selinux-policy-3.3.1-36.fc9.noarch
selinux-policy-targeted-3.3.1-36.fc9.noarch
haven't been able to reproduce since initial boot.
Comment 1 David Timms 2008-04-20 08:02:59 UTC 
Created attachment 303040 [details]
1 of 3 avc's against dvips
Comment 2 David Timms 2008-04-20 08:03:57 UTC 
Created attachment 303041 [details]
2 of 3 avc's against pdftex
Comment 3 David Timms 2008-04-20 08:04:43 UTC 
Created attachment 303042 [details]
3 of 3 avc's against tex
Comment 4 Daniel Walsh 2008-04-20 11:03:45 UTC 
This is caused by texlive not fixing the labeling of this directory in its post
install.  It needs to run restorecon -R -v /var/lib/texmf.  If you run this
command you will fix the labeling.
Comment 5 Juha Tuomala 2008-04-30 19:42:14 UTC 
 type=AVC msg=audit(1209562776.598:28): avc: denied { setattr } for pid=7428
comm="tmpwatch" name="dvips" dev=dm-2 ino=2965586
scontext=system_u:system_r:tmpreaper_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir 

type=AVC msg=audit(1209562776.598:29): avc: denied { setattr } for pid=7428
comm="tmpwatch" name="pdftex" dev=dm-2 ino=2965587
scontext=system_u:system_r:tmpreaper_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir 

confirmed
Comment 6 Jindrich Novy 2008-05-06 02:53:38 UTC 
Should be fixed by #444922.