Bug 622801
Summary: | Missing rule for suexec | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Zbysek MRAZ <zmraz> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 6.0 | CC: | dwalsh, ebenes, jwest, mmalik, syeghiay |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.7.19-37.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-11-10 21:36:21 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 580448, 620945 |
Description
Zbysek MRAZ
2010-08-10 13:03:56 UTC
This issue has been proposed when we are only considering blocker issues in the current Red Hat Enterprise Linux release. ** If you would still like this issue considered for the current release, ask your support representative to file as a blocker on your behalf. Otherwise ask that it be considered for the next Red Hat Enterprise Linux release. ** This looks like a leaked file descriptor potentially just a test problem. But it could be caused by an admin doing a service httpd restart Miroslav, since we have dontaudit httpd_t user_devpts_t : chr_file { ioctl read write getattr append open } ; We need to do the same fot httpd_suexec_t. Added to selinux-policy-3.7.19-37.el6.noarch Milos, did the test pass successfully? Looks like we also need to add the same change for httpd_user_script_t. The test passed. Red Hat Enterprise Linux 6.0 is now available and should resolve the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you. |