Bug 656290
Summary: | udevmonitor cannot create socket if MLS policy is in enforcing mode | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Milos Malik <mmalik> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 5.6 | CC: | dwalsh |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-2.4.6-294.el5 | Doc Type: | Bug Fix |
Doc Text: |
When SELinux was running in the enforcing mode, an SELinux MLS policy did not allow the udevmonitor to create a socket. As a result, an attempt to run this command in single user mode failed with the following error message:
error getting socket: Permission denied
With this update, the SELinux policy has been fixed to permit the creation of such socket, and udevmonitor can now be run as expected.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2011-01-13 21:51:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Milos Malik
2010-11-23 12:44:13 UTC
I forgot to mention that the machine is in single mode. We allow it in RHEL6. Yes we should allow it. Fixed in selinux-policy-2.4.6-294.el5.noarch Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: When SELinux was running in the enforcing mode, an SELinux MLS policy did not allow the udevmonitor to create a socket. As a result, an attempt to run this command in single user mode failed with the following error message: error getting socket: Permission denied With this update, the SELinux policy has been fixed to permit the creation of such socket, and udevmonitor can now be run as expected. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0026.html |