Bug 455469

Summary: AVC denial when firstaidkit changes /var/log/firstaidkit.log after changing root passwd
Product: [Fedora] Fedora Reporter: Joel Andres Granados <jgranado>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: jkubin
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-15 18:10:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
the audit log none

Description Joel Andres Granados 2008-07-15 17:19:42 UTC
Description of problem:
We have firstaidkit, (python script) that has a plugin called passwd which
serves the purpose of changing the root passwd. additionally firstaidkit logs to
/var/log/firstaidkit.log When I run any other plugin the log file is quite ok
and there are no problems but when I run passwd, it creates an SElinux denial :(
 I'm pretty sure that its at the moment when the passwd gets changed.


How reproducible:
always.  only with that plugin.  Other plugins log to that file with no problem

Steps to Reproduce:
1. yum install firstaidkit-plugin-passwd -y
2. firstaidkit -f passwd resetRoot
3. This should produce the AVC denial seen in /var/log/messages or
/var/log/audit/audit.log
  
Actual results:
AVC denial

Expected results:
For SElinux to let Firstaidkti change the root passwd.

Additional info:
I will attach the /var/log/audit/audit.log log.  I executed firstaidkit with an
empty log.

Comment 1 Joel Andres Granados 2008-07-15 17:20:10 UTC
Created attachment 311855 [details]
the audit log

Comment 2 Daniel Walsh 2008-07-15 18:10:39 UTC
Fixed in selinux-policy-3.4.2-14.fc10.noarch