Bug 464546

Summary: restorecond denials
Product: Red Hat Enterprise Linux 5
Reporter: Orion Poplawski <orion>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG
QA Contact: BaseOS QE <qe-baseos-auto>
Severity: medium
Priority: medium    
Version: 5.2   
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2008-09-30 13:54:04 UTC

Description Orion Poplawski 2008-09-29 15:02:10 UTC
Description of problem:

Sep 29 08:55:55 xenmock1 kernel: type=1400 audit(1222700155.519:329): avc:  denied  { node_bind } for  pid=1413 comm="restorecond" scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
Sep 29 08:55:55 xenmock1 kernel: type=1400 audit(1222700155.527:330): avc:  denied  { name_bind } for  pid=1413 comm="restorecond" src=799 scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
Sep 29 08:55:55 xenmock1 kernel: type=1400 audit(1222700155.535:331): avc:  denied  { name_connect } for  pid=1413 comm="restorecond" dest=111 scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-137.1.el5

How reproducible:
Happens periodically.  Not sure what triggers it.

This is a xen guest running kernel 2.6.18-105.el5xen.

Comment 1 Daniel Walsh 2008-09-29 17:13:31 UTC
This looks like this is being caused by nis.
setsebool -P allow_ypbind 1

If this is using ypbind?

Comment 2 Orion Poplawski 2008-09-29 19:48:37 UTC
Hmm, was using ypbind, but just transitioned to LDAP.  Messages started when I ran authconfig and ypbind was stopped (and allow_ypbind set to 0).  I'll reboot.

Comment 3 Daniel Walsh 2008-09-30 13:54:04 UTC
Yes I think this will go away, now.  I think you have a race condition, where you stopped ypbind, and turned off the boolean, but the kernel still was doing NIS stuff so it generated an AVC.  

I believe you will not see this in the future.
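
A triage helper for the denial burst in this report, as an added example that is not part of the original bug thread or of any SELinux tool: it parses the AVC lines and flags source domains whose tcp_socket denials include a portmapper connect, the pattern Comment 1 attributes to NIS. The function names, the 2-second window and the matching rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The three denials from the Description above, one record per line.
SAMPLE = """\
Sep 29 08:55:55 xenmock1 kernel: type=1400 audit(1222700155.519:329): avc:  denied  { node_bind } for  pid=1413 comm="restorecond" scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
Sep 29 08:55:55 xenmock1 kernel: type=1400 audit(1222700155.527:330): avc:  denied  { name_bind } for  pid=1413 comm="restorecond" src=799 scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
Sep 29 08:55:55 xenmock1 kernel: type=1400 audit(1222700155.535:331): avc:  denied  { name_connect } for  pid=1413 comm="restorecond" dest=111 scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$")
NIS_PERMS = {"node_bind", "name_bind", "name_connect"}

def parse_avc(line):
    """Parse one 'avc: denied' line into a dict, or return None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "serial": int(m["serial"]),
           "perms": m["perms"].split()}
    for kv in m["rest"].split():  # assumes values contain no spaces
        key, _, val = kv.partition("=")
        rec[key] = val.strip('"')
    # A context is user:role:type:level; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def nis_suspects(lines, window=2.0):
    """Map source type -> denied perms for bursts that include a portmapper connect."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_avc(line)
        if rec and rec.get("tclass") == "tcp_socket" and NIS_PERMS & set(rec["perms"]):
            by_src[rec["stype"]].append(rec)
    hits = {}
    for stype, recs in by_src.items():
        portmap = [r for r in recs if r["ttype"] == "portmap_port_t" or r.get("dest") == "111"]
        if portmap:
            t0 = portmap[0]["ts"]
            burst = [r for r in recs if abs(r["ts"] - t0) <= window]
            hits[stype] = sorted({p for r in burst for p in r["perms"]})
    return hits

if __name__ == "__main__":
    for stype, perms in nis_suspects(SAMPLE.splitlines()).items():
        print(f"{stype}: {perms} -> check ypbind and `getsebool allow_ypbind`")
```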