Bug 541693

Summary: SELinux is preventing /bin/bash "add_name" access on prelink.full.
Product: [Fedora] Fedora Reporter: romal <redhat>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 12CC: adamowicz.bartlomiej, andreabravetti, antifreeze2173, bastian.frank, binstrom, bob.king.1138, christopher, cryptoamity, c.twelve, dizeyah, dwalsh, eduard0.ec0, erik, fredrik, gevsantos, grasmichael, ian.cullen2308, jlbouras, jocagovi, john.mcgarrachan, joseph, livehydra, lmsmith1975, mail_zkj, menth0l, mgrepl, minaharker80, mm531193, mquinlan, ogldelphi, oliver254, optimal_solution2000, paolo.fulvio, paulo, philip.avraam, raflexras, remimasse, ruben, sebastian_mnz, smitna, swu98, syscreat, tjhieronymus, trweniger, vinividivicci3, vishvaya, vitaldu, wallace.ww, ygnalinux, yulrottmann
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:a9dd56281c1184fa129960b91f0ba4112b65192a9ae07d88f23f1b463af70492
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-11-30 16:32:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description romal 2009-11-26 18:33:16 UTC 
Zusammenfassung:

SELinux is preventing /bin/bash "add_name" access on prelink.full.

Detaillierte Beschreibung:

[prelink hat einen toleranten Typ (prelink_cron_system_t). Dieser Zugriff wurde
nicht verweigert.]

SELinux denied access requested by prelink. It is not expected that this access
is required by prelink and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Zugriff erlauben:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Zusätzliche Informationen:

Quellkontext                  system_u:system_r:prelink_cron_system_t:s0-s0:c0.c
                              1023
Zielkontext                   system_u:object_r:var_lib_t:s0
Zielobjekte                   prelink.full [ dir ]
Quelle                        prelink
Quellen-Pfad                  /bin/bash
Port                          <Unbekannt>
Host                          (removed)
Quellen-RPM-Pakete            bash-4.0.33-1.fc12
Ziel-RPM-Pakete               
RPM-Richtlinie                selinux-policy-3.6.32-49.fc12
SELinux aktiviert             True
Richtlinienversion            targeted
Enforcing-Modus               Enforcing
Plugin-Name                   catchall
Hostname                      (removed)
Plattform                     Linux (removed) 2.6.31.6-145.fc12.x86_64
                              #1 SMP Sat Nov 21 15:57:45 EST 2009 x86_64 x86_64
Anzahl der Alarme             3
Zuerst gesehen                Do 26 Nov 2009 17:15:36 CET
Zuletzt gesehen               Do 26 Nov 2009 17:15:36 CET
Lokale ID                     e677f998-afc1-4458-b724-a7ef55e9d7df
Zeilennummern                 

Raw-Audit-Meldungen           

node=(removed) type=AVC msg=audit(1259252136.736:22966): avc:  denied  { add_name } for  pid=20116 comm="prelink" name="prelink.full" scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1259252136.736:22966): avc:  denied  { create } for  pid=20116 comm="prelink" name="prelink.full" scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1259252136.736:22966): avc:  denied  { write open } for  pid=20116 comm="prelink" name="prelink.full" dev=sda3 ino=225 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1259252136.736:22966): arch=c000003e syscall=2 success=yes exit=128 a0=12ac980 a1=241 a2=1b6 a3=0 items=0 ppid=20112 pid=20116 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-49.fc12,catchall,prelink,prelink_cron_system_t,var_lib_t,dir,add_name
audit2allow suggests:

#============= prelink_cron_system_t ==============
allow prelink_cron_system_t var_lib_t:dir add_name;
allow prelink_cron_system_t var_lib_t:file { write create open };
Comment 1 Daniel Walsh 2009-11-30 16:32:00 UTC 

*** This bug has been marked as a duplicate of bug 541692 ***