Bug 631750

Summary: AVC denials from httpd on F12
Product: [Community] Spacewalk
Reporter: Garik Khachikyan <gkhachik>
Component: Server
Assignee: Jan Pazdziora <jpazdziora>
Status: CLOSED WONTFIX
QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium
Priority: medium
Version: 1.2
CC: jpazdziora, mkoci, mminar, slukasik
Hardware: i386   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2010-11-26 14:05:21 UTC
Bug Blocks: 653453    

Description Garik Khachikyan 2010-09-08 10:22:24 UTC
Description of problem:
The recent tests show lots of AVC denials from user httpd on the F12 i386 system during work of SW nightly.

Version-Release number of selected component (if applicable):
SW nightly (the date: 07.Sep.2010)

How reproducible:
through RHTS test

Steps to Reproduce:
1. install SW nightly on F12 i386
2. perform some actions (like rhnpush a package and try to remove it through API)
3. look for AVC denials for the user httpd (/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -sv no -m AVC -m USER_AVC -m SELINUX_ERR)
  
Actual results:
time->Tue Sep  7 15:27:09 2010
type=SYSCALL msg=audit(1283887629.218:33982): arch=40000003 syscall=5 success=no exit=-13 a0=bfcc3010 a1=98800 a2=660ff4 a3=0 items=0 ppid=8932 pid=8946 auid=4294967295 uid=48 gid=492 euid=48 suid=48 fsuid=48 egid=492 sgid=492 fsgid=492 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1283887629.218:33982): avc:  denied  { search } for  pid=8946 comm="httpd" name="rpm" dev=dm-0 ino=32769 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
----
time->Tue Sep  7 15:27:09 2010
type=SYSCALL msg=audit(1283887629.218:33983): arch=40000003 syscall=195 success=no exit=-13 a0=b1b31790 a1=bfcc2fcc a2=660ff4 a3=b1b3179c items=0 ppid=8932 pid=8946 auid=4294967295 uid=48 gid=492 euid=48 suid=48 fsuid=48 egid=492 sgid=492 fsgid=492 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1283887629.218:33983): avc:  denied  { getattr } for  pid=8946 comm="httpd" path="/var/lib/rpm" dev=dm-0 ino=32769 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir

Expected results:
no avc denials

Additional info:

Comment 2 Šimon Lukašík 2010-09-20 14:01:12 UTC
This bug is not present on Fedora-13.

But on Fedora-13 we have very similar issue with cobblerd. See bug 635681.

Comment 3 Jan Pazdziora 2010-11-19 16:05:12 UTC
Mass-moving to space13.

Comment 4 Jan Pazdziora 2010-11-26 14:05:04 UTC
(In reply to comment #2)
> This bug is not present on Fedora-13.

If the problem is not present on Fedora 13, closing as WONTFIX as Fedora 12 will be EOL'd within a week.
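
Added example, not part of the original bug report or of Spacewalk: a small Python parser that groups the AVC denials quoted in the description by source type, target type and object class, so repeated denials collapse into one line per access that the policy refused. The function names and the embedded sample (the two AVC lines from the report, with the SYSCALL lines omitted) are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the two AVC records from the report above (SYSCALL lines omitted).
SAMPLE = '''\
time->Tue Sep  7 15:27:09 2010
type=AVC msg=audit(1283887629.218:33982): avc:  denied  { search } for  pid=8946 comm="httpd" name="rpm" dev=dm-0 ino=32769 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
----
time->Tue Sep  7 15:27:09 2010
type=AVC msg=audit(1283887629.218:33983): avc:  denied  { getattr } for  pid=8946 comm="httpd" path="/var/lib/rpm" dev=dm-0 ino=32769 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
'''

# Header of an AVC denial: audit timestamp, serial, permission set, then key=value pairs.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Yield one dict per AVC denial record found in ausearch text output."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # separators, time-> lines and other record types
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
        fields['perms'] = m.group('perms').split()
        fields['serial'] = int(m.group('serial'))
        yield fields


def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(':')[2]


def summarize(text):
    """Group denied permissions by (source type, target type, object class)."""
    summary = defaultdict(set)
    for rec in parse_avc(text):
        key = (selinux_type(rec['scontext']), selinux_type(rec['tcontext']), rec['tclass'])
        summary[key].update(rec['perms'])
    return {k: sorted(v) for k, v in summary.items()}


if __name__ == '__main__':
    for (src, tgt, cls), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} denied {{ {' '.join(perms)} }}")
```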