Bug 652660
| Summary: | selinux-policy and sa1 command | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Branislav Náter <bnater> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 5.6 | CC: | dwalsh, ksrot, mmalik |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-2.4.6-293.el5 | Doc Type: | Bug Fix |
| Doc Text: |
Previously, running the sa1 command from the sysstat package caused various denial messages to be written in the audit log. This update addresses this issue, and the above command now works as expected.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-01-13 21:51:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is allowed in RHEL6 Let's fix it in RHEL5.6 Fixed in selinux-policy-2.4.6-293.el5.noarch
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Previously, running the sa1 command from the sysstat package caused various denial messages to be written in the audit log. This update addresses this issue, and the above command now works as expected.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0026.html |
Description of problem: When I tried to run sa1 commnad from sysstat package, several messages (see bellow) appear in avc log. Version-Release number of selected component (if applicable): selinux-policy-2.4.6-279.el5_5.2.noarch How reproducible: always Steps to Reproduce: 1. try to run /usr/lib/sa/sa1 1 1 2. check avc log Actual results: ---- time->Thu Nov 11 08:56:53 2010 type=SYSCALL msg=audit(1289483813.390:20): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bff6f434 a2=534ff4 a3=3 items=0 ppid=4551 pid=4564 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sa1" exe="/bin/bash" subj=system_u:system_r:sysstat_t:s0 key=(null) type=AVC msg=audit(1289483813.390:20): avc: denied { search } for pid=4564 comm="sa1" name="nscd" dev=dm-0 ino=3244102 scontext=system_u:system_r:sysstat_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir ---- time->Thu Nov 11 08:56:53 2010 type=SYSCALL msg=audit(1289483813.390:21): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bff6f54c a2=534ff4 a3=3 items=0 ppid=4551 pid=4564 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sa1" exe="/bin/bash" subj=system_u:system_r:sysstat_t:s0 key=(null) type=AVC msg=audit(1289483813.390:21): avc: denied { search } for pid=4564 comm="sa1" name="nscd" dev=dm-0 ino=3244102 scontext=system_u:system_r:sysstat_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir ---- Expected results: no messages