Bug 510855

Summary: /usr/libexec/cpufreq-applet causes SELinux alerts
Product: [Fedora] Fedora Reporter: David Sommerseth <davids>
Component: gnome-appletsAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 11CC: condor, dwalsh, ovasik, rstrode
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-02-08 14:35:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Sommerseth 2009-07-11 17:00:28 UTC 
Description of problem:
Whenever the CPU frequency or scheduling is changed via the cpufreq-applet in Gnome, a SELinux alert is registered.  Despite the SELinux alert says the access for the operation was denied, the CPU frequency is changed.

Version-Release number of selected component (if applicable):
gnome-applets-2.26.2-1.fc11.x86_64

How reproducible:
Every time a change is done via this applet.

Actual results:
--- SELinux alert ------------------------------------------------------------
* Summary
SELinux is preventing cpufreq-selecto (cpufreqselector_t) "read" security_t. 

* Detailed Description
SELinux denied access requested by cpufreq-selecto. It is not expected that this access is required by cpufreq-selecto and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 

Raw Audit Messages:

node=aurelius.mynet.net type=AVC msg=audit(1247330865.415:770): avc: denied { read } for pid=22424 comm="cpufreq-selecto" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:cpufreqselector_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file 

node=aurelius.mynet.net type=AVC msg=audit(1247330865.415:770): avc: denied { open } for pid=22424 comm="cpufreq-selecto" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:cpufreqselector_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file 

node=aurelius.mynet.net type=SYSCALL msg=audit(1247330865.415:770): arch=c000003e syscall=2 success=yes exit=3 a0=7fff578ad2c0 a1=0 a2=7fff578ad2cc a3=fffffff8 items=0 ppid=22423 pid=22424 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cpufreq-selecto" exe="/usr/bin/cpufreq-selector" subj=system_u:system_r:cpufreqselector_t:s0-s0:c0.c1023 key=(null) 
-------------------------------------------------------------------------------

Expected results:
No alerts.
Comment 1 Jarod Wilson 2009-07-11 19:23:44 UTC 
Wrong component.
Comment 2 Daniel Walsh 2010-02-08 14:35:49 UTC 
yum update
Comment 3 Daniel Walsh 2010-02-08 14:36:23 UTC 
*** Bug 509906 has been marked as a duplicate of this bug. ***