Bug 447971

Summary: SELinux is preventing polkit-read-aut (polkit_auth_t) "getattr" to / (fs_t).
Product: [Fedora] Fedora Reporter: David Florence <florencent.leech>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 9CC: rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-11-17 22:04:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Florence 2008-05-22 18:02:57 UTC
Description of problem:
SELinux denied access requested by polkit-read-aut. It is not expected that this
access is required by polkit-read-aut and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access. 

Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-51.fc9

How reproducible:
not sure

Steps to Reproduce:
1.unknown
2.
3.
  
Actual results:
n/a

Expected results:
n/a

Additional info:
You can generate a local policy module to allow this access - see FAQ Or you can
disable SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a bug report against this package.

Raw Audit Messages :host=localhost.localdomain type=AVC
msg=audit(1211478397.429:13): avc: denied { getattr } for pid=3012
comm="polkit-read-aut" name="/" dev=sda3 ino=2
scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:fs_t:s0
tclass=filesystem

Comment 1 Daniel Walsh 2008-05-23 19:28:06 UTC
You can probably ignore this for now.

Fixed in selinux-policy-3.3.1-56.fc9.noarch

Comment 2 Daniel Walsh 2008-11-17 22:04:05 UTC
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.