Bug 480569
Summary: | SELinux AVC Denial when starting vsftpd server | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Victoria Earl <kitsuta> |
Component: | kdebase | Assignee: | Than Ngo <than> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 10 | CC: | arbiter, dwalsh, jkubin, jreznik, jskala, kevin, ltinkl, mgrepl, mnagy, rdieter, than, tuxbrewr |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-02-06 14:47:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Victoria Earl
2009-01-19 02:50:10 UTC
Are you starting this from a konsole terminal? Yes. (In reply to comment #1) > Are you starting this from a konsole terminal? (Forgot to click 'reply') Yes. This is a known bug with konsole terminals. They are leaking file descriptors. ls -lZ /proc/self/fd Will show you all of the open file descriptors on the konsole. It should look like ls -lZ /proc/self/fd lrwx------ dwalsh dwalsh staff_u:staff_r:staff_t:s0 0 -> /dev/pts/0 lrwx------ dwalsh dwalsh staff_u:staff_r:staff_t:s0 1 -> /dev/pts/0 lrwx------ dwalsh dwalsh staff_u:staff_r:staff_t:s0 2 -> /dev/pts/0 lr-x------ dwalsh dwalsh staff_u:staff_r:staff_t:s0 3 -> /proc/9943/fd But there are lots of file descriptrs that are not being closed on exec and SELinux notices this and closes the descriptor before executing the confined application. You can safely ignore these avc messages. Thank you. I w(In reply to comment #4) > This is a known bug with konsole terminals. They are leaking file descriptors. > > ls -lZ /proc/self/fd > > Will show you all of the open file descriptors on the konsole. > > It should look like > > ls -lZ /proc/self/fd > lrwx------ dwalsh dwalsh staff_u:staff_r:staff_t:s0 0 -> /dev/pts/0 > lrwx------ dwalsh dwalsh staff_u:staff_r:staff_t:s0 1 -> /dev/pts/0 > lrwx------ dwalsh dwalsh staff_u:staff_r:staff_t:s0 2 -> /dev/pts/0 > lr-x------ dwalsh dwalsh staff_u:staff_r:staff_t:s0 3 -> /proc/9943/fd > > But there are lots of file descriptrs that are not being closed on exec and > SELinux notices this and closes the descriptor before executing the confined > application. > > You can safely ignore these avc messages. Thank you. I'll look into switching terminals to prevent related behavior in SELinux. Thank you for the bug report. This issue needs to be addressed by the upstream developers. Please submit a report at http://bugs.kde.org. You are requested to add the bugzilla link here for tracking purposes. Please make sure the bug isn't already in the upstream bug tracker before filing it. *** This bug has been marked as a duplicate of bug 484370 *** |