Bug 499977

Summary: SELinux is preventing events/0 (rpcd_t) "signal" kernel_t.
Product: [Fedora] Fedora
Reporter: Daniel Fenert <daniel>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: dwalsh, jkubin, mgrepl
Target Milestone: ---
Target Release: ---
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-05-11 12:05:47 UTC

Description Daniel Fenert 2009-05-09 18:30:28 UTC
After the last set of upgraded packages, I've got an error from SELinux:


Podsumowanie:

SELinux is preventing events/0 (rpcd_t) "signal" kernel_t.

Szczegółowy opis:

SELinux denied access requested by events/0. It is not expected that this access
is required by events/0 and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Zezwalanie na dostęp:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Dodatkowe informacje:

Kontekst źródłowy          system_u:system_r:rpcd_t:s0
Kontekst docelowy             system_u:system_r:kernel_t:s0
Obiekty docelowe              None [ process ]
Źródło                     events/0
Ścieżka źródłowa         <Nieznane>
Port                          <Nieznane>
Komputer                      daniel-laptop
Źródłowe pakiety RPM       
Docelowe pakiety RPM          
RPM polityki                  selinux-policy-3.6.12-28.fc11
SELinux jest włączony       True
Typ polityki                  targeted
MLS jest włączone           True
Tryb wymuszania               Enforcing
Nazwa wtyczki                 catchall
Nazwa komputera               daniel-laptop
Platforma                     Linux daniel-laptop
                              2.6.29.2-126.fc11.i686.PAE #1 SMP Mon May 4
                              04:48:39 EDT 2009 i686 i686
Licznik alarmów              4
Po raz pierwszy               pią, 8 maj 2009, 23:03:11
Po raz ostatni                pią, 8 maj 2009, 23:03:11
Lokalny identyfikator         52ce23db-7df9-42a6-b2bb-3c7fc0193e35
Liczba wierszy                

Surowe komunikaty audytu      

node=daniel-laptop type=AVC msg=audit(1241816591.794:84): avc:  denied  { signal } for  pid=10 comm="events/0" scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process

Comment 1 Daniel Walsh 2009-05-11 12:05:47 UTC
You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.12-34.fc11.noarch
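
The workaround in Comment 1 feeds every AVC line in the audit log to audit2allow, so the resulting module can grant more than the one denial reported here. The following is an added example (not part of the bug report and not audit2allow's own code) that approximates the rules such a module would contain, so they can be reviewed before `semodule -i`. The second log record, with its `example_t` domain and `exampled` command, is constructed sample input.

```python
import re
from collections import defaultdict

# First record: the denial quoted in this bug report.
# Second record: constructed sample (hypothetical domain example_t), not from the report.
SAMPLE_LOG = """\
node=daniel-laptop type=AVC msg=audit(1241816591.794:84): avc:  denied  { signal } for  pid=10 comm="events/0" scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process
type=AVC msg=audit(1241816600.100:90): avc:  denied  { read write } for  pid=2345 comm="exampled" name="example.dat" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
"""

# Pull the permission set, both contexts and the object class out of one AVC record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def denials_to_rules(log_text):
    """Group AVC denials into type-enforcement allow rules, one per (source, target, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if match is None:
            continue  # not an AVC denial record
        src = selinux_type(match["scon"])
        tgt = selinux_type(match["tcon"])
        if tgt == src:
            tgt = "self"  # policy syntax for a domain acting on itself
        grouped[(src, tgt, match["tclass"])].update(match["perms"].split())

    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules


if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

Filtering the log down to the record of interest (for example by `comm` or by source type) before building the module keeps unrelated denials out of the local policy.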