Bug 483089

Summary: AVCs generated updating udev: complains about groupadd_t....
Product: [Fedora] Fedora Reporter: Tom London <selinux>
Component: udevAssignee: Harald Hoyer <harald>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: dwalsh, ffesti, harald, james.antill, katzj, pmatilai, tla
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-30 10:03:28 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description Tom London 2009-01-29 12:17:35 EST
Description of problem:
Notice SELinux (targeted/enforcing) AVCs during update to udev-137-1.fc11.x86_64:

[root@tlondon ~]# audit2allow -al


#============= groupadd_t ==============
allow groupadd_t rpm_t:tcp_socket { read write };
allow groupadd_t rpm_t:unix_dgram_socket { read write };
allow groupadd_t rpm_var_lib_t:file { read write };
allow groupadd_t var_t:file read;
[root@tlondon ~]#

Snippet from /var/log/messages:

Jan 29 06:36:53 tlondon yum: Updated: bash-4.0-0.2.rc1.fc11.x86_64
Jan 29 06:36:55 tlondon yum: Updated: libvolume_id-137-1.fc11.x86_64
Jan 29 06:36:55 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:55 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:55 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:55 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:55 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:55 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:55 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:55 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:56 tlondon udevd[948]: specified group 'dialout' unknown
Jan 29 06:36:57 tlondon udevd[4487]: specified group 'dialout' unknown
Jan 29 06:36:57 tlondon kernel: udev: starting version 137
Jan 29 06:36:58 tlondon yum: Updated: udev-137-1.fc11.x86_64

Snippet from /var/log/messages:

type=ADD_GROUP msg=audit(1233239818.356:23): user pid=4495 uid=0
auid=500 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
msg='op=adding group acct="dialout" exe="/usr/sbin/groupadd"
(hostname=?, addr=?, terminal=pts/0 res=success)'
type=AVC msg=audit(1233239829.939:24): avc:  denied  { read write }
for  pid=4513 comm="groupadd" path="socket:[67562]" dev=sockfs
ino=67562 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023
tclass=unix_dgram_socket
type=AVC msg=audit(1233239829.939:24): avc:  denied  { read write }
for  pid=4513 comm="groupadd" path="socket:[68303]" dev=sockfs
ino=68303 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1233239829.939:24): avc:  denied  { read } for
pid=4513 comm="groupadd"
path="/var/cache/yum/11koji32/packages/setup-2.7.7-2.fc11.noarch.rpm"
dev=dm-1 ino=667029
scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1233239829.939:24): avc:  denied  { read write }
for  pid=4513 comm="groupadd" path="/var/lib/rpm/__db.000" dev=dm-1
ino=66677 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1233239829.939:24): arch=c000003e syscall=59
success=yes exit=0 a0=16029a0 a1=1602a60 a2=16010f0 a3=7fff27b89150
items=0 ppid=4512 pid=4513 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="groupadd"
exe="/usr/sbin/groupadd"
subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 key=(null)
type=ADD_GROUP msg=audit(1233239829.945:25): user pid=4513 uid=0
auid=500 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
msg='op=adding group acct="video" exe="/usr/sbin/groupadd"
(hostname=?, addr=?, terminal=pts/0 res=failed)'
type=AVC msg=audit(1233239829.962:26): avc:  denied  { read write }
for  pid=4515 comm="groupadd" path="socket:[67562]" dev=sockfs
ino=67562 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023
tclass=unix_dgram_socket
type=AVC msg=audit(1233239829.962:26): avc:  denied  { read write }
for  pid=4515 comm="groupadd" path="socket:[68303]" dev=sockfs
ino=68303 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1233239829.962:26): avc:  denied  { read } for
pid=4515 comm="groupadd"
path="/var/cache/yum/11koji32/packages/setup-2.7.7-2.fc11.noarch.rpm"
dev=dm-1 ino=667029
scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1233239829.962:26): avc:  denied  { read write }
for  pid=4515 comm="groupadd" path="/var/lib/rpm/__db.000" dev=dm-1
ino=66677 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1233239829.962:26): arch=c000003e syscall=59
success=yes exit=0 a0=fa29a0 a1=fa2a60 a2=fa10f0 a3=7fff2336dd20
items=0 ppid=4514 pid=4515 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="groupadd"
exe="/usr/sbin/groupadd"
subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 key=(null)
type=ADD_GROUP msg=audit(1233239829.969:27): user pid=4515 uid=0
auid=500 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
msg='op=adding group acct="audio" exe="/usr/sbin/groupadd"
(hostname=?, addr=?, terminal=pts/0 res=failed)'


Version-Release number of selected component (if applicable):
yum-3.2.21-6.fc11.noarch
udev-137-1.fc11.x86_64

How reproducible:
Suspect every time....

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Harald Hoyer 2009-01-30 04:31:44 EST
udev-127-2 .. moved "groupadd" to %pre
Comment 2 Harald Hoyer 2009-01-30 04:32:02 EST
udev-137-2 that is, of course
Comment 3 Tom London 2009-01-30 10:03:28 EST
Today's update:

ownloading Packages:
udev-137-2.fc11.x86_64.rpm                               | 325 kB     00:22     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : udev                                                     1/2 
  Cleanup        : udev                                                     2/2 

Updated:
  udev.x86_64 0:137-2.fc11                                                      

Complete!

No messages in /var/log/messages:

Jan 30 06:57:06 tlondon ntpd[2588]: synchronized to 66.79.148.35, stratum 2


Jan 30 07:00:22 tlondon kernel: udev: starting version 137
Jan 30 07:00:23 tlondon yum: Updated: udev-137-2.fc11.x86_64

And, no AVC's:

[root@tlondon ~]# audit2allow -al


[root@tlondon ~]# 

Thanks!   Closing....