Bug 505993
Summary: | SELinux is preventing privoxy (privoxy_t) "read\|open" proc_t | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Allen Kistler <ackistler> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | low |
Version: | 11 | CC: | dwalsh, jkubin, maurizio.antillon, mgrepl |
Hardware: | All | OS: | Linux |
Fixed In Version: | selinux-policy-3.6.12-53.fc11.noarch | Doc Type: | Bug Fix |
Last Closed: | 2009-06-28 21:39:21 UTC | Type: | --- |
Description
Allen Kistler
2009-06-15 06:33:05 UTC
You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.12-52.fc11.noarch

(In reply to comment #1)
> You can add these rules for now using
>
> # grep avc /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp

I "dontaudit" (rather than "allow") them in my local policy. It seems to work fine so far.

> Fixed in selinux-policy-3.6.12-52.fc11.noarch

According to koji:

State failed
Started Mon, 15 Jun 2009 20:07:44 UTC
Completed Mon, 15 Jun 2009 20:09:40 UTC
Task build (dist-f11-updates-candidate, /cvs/pkgs:rpms/selinux-policy/F-11: selinux-policy-3_6_12-52_fc11)

51 was the same.

Usually when I say it is fixed, I have not completed the build yet. Not sure why privoxy wants to read cpuinfo, but does not seem like a big security risk to allow it.

52 is now built I believe. I will put an update into testing by the end of the week.

Fix confirmed in selinux-policy-3.6.12-53.fc11.noarch, currently in testing

selinux-policy-3.6.12-53.fc11.noarch is in updates. Closing.
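The workaround in comment #1 feeds every AVC record in audit.log to audit2allow, so the generated module covers all denials in the log, not only privoxy's. The following is an added example, not part of the bug report or of selinux-policy: it filters AVC records to one source domain and renders either dontaudit or allow rules for review before anything is loaded. The log lines are constructed, and the function names and the `file` class are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the bug report).
SAMPLE_LOG = """\
type=AVC msg=audit(1245047585.101:412): avc:  denied  { read } for  pid=2301 comm="privoxy" name="cpuinfo" dev=proc ino=4026531851 scontext=system_u:system_r:privoxy_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1245047585.101:413): avc:  denied  { open } for  pid=2301 comm="privoxy" name="cpuinfo" dev=proc ino=4026531851 scontext=system_u:system_r:privoxy_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1245047590.220:420): avc:  denied  { search } for  pid=2410 comm="httpd" name="alice" dev=dm-0 ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third component) of an SELinux context."""
    return context.split(":")[2]

def collect_denials(log_text, source_type):
    """Group denied permissions by (target type, class) for one source domain."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or context_type(m["scon"]) != source_type:
            continue  # not an AVC denial, or a different domain's denial
        key = (context_type(m["tcon"]), m["tclass"])
        denials[key].update(m["perms"].split())
    return denials

def render_rules(denials, source_type, keyword="dontaudit"):
    """Emit one policy rule per (target, class); keyword is 'allow' or 'dontaudit'."""
    if keyword not in ("allow", "dontaudit"):
        raise ValueError("keyword must be 'allow' or 'dontaudit'")
    rules = []
    for (ttype, tclass), perms in sorted(denials.items()):
        perm_list = " ".join(sorted(perms))
        rules.append(f"{keyword} {source_type} {ttype}:{tclass} {{ {perm_list} }};")
    return rules

if __name__ == "__main__":
    for rule in render_rules(collect_denials(SAMPLE_LOG, "privoxy_t"), "privoxy_t"):
        print(rule)
```

The unrelated httpd_t record in the sample is dropped by the domain filter, which is the part the blanket `grep avc` pipeline does not do.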