Bug 545648
Summary: | SELinux is preventing /usr/bin/iceauth "read" access on dcopPfMg8b. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Daniel Scott <dan> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | ajayramak, claudiomar.costa, dan, dwalsh, mailto, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:3a1ba7deb1501f7da0103db634e421e5d75132ffb288ec13d7ab29d66cf1285c | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-12-22 20:42:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Daniel Scott
2009-12-09 02:34:38 UTC
Could you check rpm -q selinux-policy-targeted I'm not certain, because I can't access that machine at the moment, but I'm pretty sure that it's: selinux-policy-3.6.32-55.fc12.noarch It should have downloaded that update early this morning. I can confirm tonight if you need. THe question I have is how are you running as iceauth_t? The transition from unconfined_t->iceauth_t was removed in updates. Are you using confined users? Nope, no confined users. Unless that was set as the default? 0# sesearch -A -t iceauth_t -p transition | grep unconfined allow unconfined_execmem_t iceauth_t : process { transition getattr } ; allow unconfined_java_t iceauth_t : process { transition getattr } ; allow unconfined_mono_t iceauth_t : process { transition getattr } ; Ok I guess you can get there from java, mono or execmem apps. I will add the required access. You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.32-57.fc12.noarch selinux-policy-3.6.32-59.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-59.fc12 selinux-policy-3.6.32-59.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13384 |