Bug 636586

Summary: avc on boot: denied { mmap_zero } comm="vbetool"
Product: [Fedora] Fedora Reporter: Jeff Raber <jeff.raber>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: 14   
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 636579 Environment:
Last Closed: 2010-09-22 20:07:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeff Raber 2010-09-22 16:08:08 UTC 
+++ This bug was initially created as a clone of Bug #636579 +++

Created attachment 448971 [details]
/var/log/dmesg, showing 2 avcs during boot.  This bug is for the first avc

Description of problem:
avc during cold boot after the AMD microcode module is loaded

type=1400 audit(1285169153.169:5): avc:  denied  { mmap_zero } for  pid=756 comm="vbetool" scontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tcontext=system_u:system_r:vbetool_t:s0-s0:c0.c1023 tclass=memprotect

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.9.3-1.fc14.noarch
selinux-policy-3.9.3-1.fc14.noarch
vbetool-1.2.2-1.fc12.x86_64
libx86-1.1-9.fc13.x86_64
kernel-2.6.35.4-28.fc14.x86_64

How reproducible:
Seems like 100% (but I've only seen it 3 times)

Steps to Reproduce:
1. Cold boot laptop (doesn't seem to happen on a warm boot)
2. Notice the AVC after the AMD microcode module is loaded
  
Actual results:
AVC displayed in boot messages and logged in /dev/dmesg

Expected results:
No AVC.

Additional info:
This is a fresh F14 RC3 install from DVD, less than 12 hours old.  I have only installed 3 packages post-installation: pidgin, evolution-exchange & trousers.
Smolt profile: http://www.smolts.org/client/show/pub_0f5426ff-4588-4b7d-b80a-bca736d583bb
Comment 1 Jeff Raber 2010-09-22 16:16:03 UTC 
I cloned Bug #636579 out of laziness as these issues are similar (but not the same).  The 'dmesg' attachment on that bug is applicable, but this bug is for the 2nd AVC in that file.
Comment 2 Daniel Walsh 2010-09-22 20:07:43 UTC 

*** This bug has been marked as a duplicate of bug 528022 ***