Bug 642935

Summary: SELinux is preventing /sbin/setfiles access to a leaked tcp_socket file descriptor.
Product: Red Hat Enterprise Linux 5
Reporter: Miroslav Vadkerti <mvadkert>
Component: openssh
Assignee: Radek Vokál <rvokal>
Status: CLOSED ERRATA
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Docs Contact:
Priority: low
Version: 5.6
CC: carlg, dapospis, drjohnson1, dwalsh, mgrepl, mvadkert, nalin, pvrabec, rvokal, tmraz
Target Milestone: rc
Keywords: SELinux
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 559542
Environment:
Last Closed: 2012-02-21 06:12:00 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 541809, 559542
Bug Blocks: 700492

Comment 1 Miroslav Vadkerti 2010-10-14 08:41:23 UTC
This bug exists in RHEL5.6 - openssh-4.3p2-57.el5

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   PASS   ] :: Running 'echo 'session    required     pam_namespace.so debug' >> /etc/pam.d/sshd'
:: [   PASS   ] :: Running 'echo '$HOME    $HOME/$USER.inst/ user' >> /etc/security/namespace.conf'
:: [   PASS   ] :: Running 'sed -i 's/exit 0/lsof -p $$ \&>$2\/testout; exit 0/g' /etc/security/namespace.init'
:: [   PASS   ] :: Running './ssh.exp'
:: [   FAIL   ] :: File '/root/root.inst/root/testout' should not contain 'TCP' 
:: [   LOG    ] :: Duration: 7s
:: [   LOG    ] :: Assertions: 4 good, 1 bad
:: [   FAIL   ] :: RESULT: Test
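
The test above fails because the helper script started during the SSH session still holds a TCP socket. As an added example (not part of this bug report and not OpenSSH code), the Python sketch below reproduces that kind of inheritance check: a parent opens a TCP socket, execs a helper, and the helper reports which inherited descriptors are sockets, once with close-on-exec cleared and once with it set. The function name `sockets_seen_by_child` and the embedded helper are hypothetical, and the sketch does not represent the change shipped in the erratum.

```python
import os
import socket
import subprocess
import sys

# Helper run in the child: list every inherited descriptor that is a socket.
# It plays the role of the `lsof -p $$` line injected into namespace.init above.
CHILD_CHECK = r"""
import os, stat
leaked = []
for fd in range(3, 256):
    try:
        mode = os.fstat(fd).st_mode
    except OSError:
        continue          # descriptor not open in this process
    if stat.S_ISSOCK(mode):
        leaked.append(fd)
print(",".join(map(str, leaked)))
"""

def sockets_seen_by_child(close_on_exec):
    """Open a TCP socket, exec the helper, return True if the helper inherited it."""
    # Constructed sample: an unconnected TCP socket is enough to show inheritance.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Python sets close-on-exec by default; clearing it models a daemon
        # that never set FD_CLOEXEC on its network socket.
        srv.set_inheritable(not close_on_exec)
        out = subprocess.run(
            [sys.executable, "-c", CHILD_CHECK],
            close_fds=False,              # keep inheritable descriptors open
            stdout=subprocess.PIPE,
            check=True,
        ).stdout
        leaked = [int(x) for x in out.decode().split(",") if x.strip()]
        return srv.fileno() in leaked
    finally:
        srv.close()

if __name__ == "__main__":
    print("flag cleared, child sees socket:", sockets_seen_by_child(False))
    print("flag set,     child sees socket:", sockets_seen_by_child(True))
```
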

Comment 2 Miroslav Vadkerti 2011-04-05 08:26:52 UTC
This bug still exists in openssh-4.3p2-72.el5

Comment 3 RHEL Program Management 2011-05-31 14:31:38 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 4 Jan F. Chadima 2011-07-28 10:26:08 UTC
This bug is resolved in RHEL6. Therefore, I recommend upgrading to RHEL6 all customers who are affected by this issue.

Comment 9 errata-xmlrpc 2012-02-21 06:12:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0237.html