Bug 644333

Summary: SELinux is preventing /bin/bash "read" access on /home/mark.
Product: Red Hat Enterprise Linux 5 Reporter: Aleš Mareček <amarecek>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.6CC: amarecek, dgregor, dwalsh, jrieden, mjw, mmalik, notting, sgrubb, syeghiay, xlu
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:eaebbbe5d4712447f19b81782c476dc52dcf31425ced21e73710d04dc39947b4
Fixed In Version: selinux-policy-2.4.6-296.el5 Doc Type: Bug Fix
Doc Text:
Under certain circumstances, SELinux could report that Internet Protocol Security (IPsec) management tools require read access to the content of a user's home directory. This error no longer occurs, and an appropriate SELinux rule has been added to resolve this issue.
 Story Points: ---
Clone Of: 587669 Environment:
Last Closed: 2011-01-13 21:50:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 587669    
Bug Blocks: 640580    

Comment 1 Miroslav Grepl 2010-10-19 14:11:53 UTC 
Fixed in selinux-policy-2.4.6-288.el5
Comment 4 Miroslav Grepl 2010-11-29 11:52:25 UTC 
Milos,
does the test pass in enforcing mode? 

I will add

files_dontaudit_search_home(ipsec_mgmt_t)
Comment 5 Miroslav Grepl 2010-12-01 10:13:48 UTC 
Fixed in selinux-policy-2.4.6-296.el5
Comment 7 Jaromir Hradilek 2011-01-05 16:24:02 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Under certain circumstances, SELinux could report that Internet Protocol Security (IPsec) management tools require read access to the content of a user's home directory. This error no longer occurs, and an appropriate SELinux rule has been added to resolve this issue.
Comment 9 errata-xmlrpc 2011-01-13 21:50:54 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0026.html