Bug 462699
| Summary: | avc: denied { read } for pid=2276 comm= while testing latest 5.3 tree | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Jeff Burke <jburke> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED WORKSFORME | QA Contact: | Brock Organ <borgan> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.3 | CC: | atodorov, benl, dwalsh, dzickus, lwang, pbunyan, syeghiay |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://rhts.redhat.com/cgi-bin/rhts/test_log.cgi?id=4355143 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-10-02 14:16:38 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Which selinux policy did you use? Where was the tmp directory located? Which selinux policy did you use? The one that was in the RHEL5.3-Server-20080918.nightly tree selinux-policy-2.4.6-154.el5.noarch.rpm selinux-policy-mls-2.4.6-154.el5.noarch.rpm selinux-policy-targeted-2.4.6-154.el5.noarch.rpm selinux-policy-devel-2.4.6-154.el5.noarch.rpm selinux-policy-strict-2.4.6-154.el5.noarch.rpm Where was the tmp directory located? I have no idea. This was an automated install. But I am assuming /tmp Thu Sep 11 2008 Dan Walsh <dwalsh> 2.4.6-155 - Complete backport of logging/audit policy - Allow pegasus to look at kernel xen information #Resolves: #440151 Resolves: #461624 Explains the first audisp one. 158 is in policy now. The cups one looks like a labeling problem. # find /var/spool -name tmp /var/spool/cups/tmp In Fedora 9 /var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh) Says this should have been labeled print_spool_t Does rpm know about this directory? rpm -qf /var/spool/cups I am not sure how this was mislabeled. Could you check with the latest RHEL5 161 package whether this still happens? Dan, I don't see the message in last nights RHEL5.3 20080930.0 tree. So that issue maybe gone. Or if there was some package interaction type issue the offending package may not have been installed. OK I will close this as worksforme, reopen if it happens again. |
Description of problem: During the install of the latest nightly tree (RHEL5.3-Server-20080918.nightly) the system gets several avc:denied messges Version-Release number of selected component (if applicable): RHEL5.3-Server-20080918.nightly How reproducible: Always (i386, x86_64, ia64) Steps to Reproduce: 1. Try a nfs install from pxe with a ks.cfg file. Actual results: type=1400 audit(1221724280.939:4): avc: denied { read } for pid=2276 comm="auditd" name="audispd" dev=dm-0 ino=7241856 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:audisp_exec_t:s0 tclass=file type=1400 audit(1221724285.073:5): avc: denied { read } for pid=2579 comm="cupsd" name="cups" dev=dm-0 ino=2457728 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir type=1400 audit(1221724285.092:6): avc: denied { read } for pid=2579 comm="cupsd" name="tmp" dev=dm-0 ino=2457729 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir Expected results: We should not get avc messages after a normal install Additional info: