Bug 487570
Summary: | selinux denial to updateb for sagator | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | stanl |
Component: | sagator | Assignee: | Jan ONDREJ <ondrejj> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 10 | CC: | ondrejj |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-03-19 09:59:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
stanl
2009-02-26 18:58:27 UTC
I can't reproduce this on my system, trying to run "updatedb" manually, but still no audit messages in dmes/audit.log. May be it's possible to avoid this by removing sagator-selinux package, but it will run sagator without selinux protection. There are also more problems with current selinux policy and sagator's policy. Whole policy should be updated. Your finding is interesting because the error has not repeated today. The system has no selinux policy updates since that last in updates testing, I have not run any selinux commands. It seems to have self corrected. If that changes, I'll update the ticket, but for now it seems to be fine. This bug is fixed upstream in sagator-1.2.0, but it's not easy to implement this in Fedora 10. But I am seeing, that updatedb is running on my Fedora 10 box as unconfined_t, which can access sagator_*_t files, so there is no problem in current releases. Closing this bug. Reopen it, if you still have problems. |