Bug 714968

Summary: SELinux is preventing /usr/sbin/privoxy from 'read' accesses on the file unix.
Product: [Fedora] Fedora Reporter: Andreas Schwab <schwab>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: selinux-policy-3.9.16-32.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-08 18:11:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Andreas Schwab 2011-06-21 13:06:23 UTC 
Source Context                system_u:system_r:privoxy_t:s0
Target Context                system_u:object_r:proc_net_t:s0
Target Objects                unix [ file ]
Source                        privoxy
Source Path                   /usr/sbin/privoxy
Port                          <Unbekannt>
Host                          (removed)
Source RPM Packages           privoxy-3.0.17-0.1.fc13
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.16-26.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux hase 2.6.38.8-32.fc15.x86_64 #1 SMP Mon Jun
                              13 19:49:05 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Di 21 Jun 2011 14:54:10 CEST
Last Seen                     Di 21 Jun 2011 14:54:10 CEST
Local ID                      cf0a2da5-c748-4c25-9541-0b7df390d73e

Raw Audit Messages
type=AVC msg=audit(1308660850.468:715): avc:  denied  { read } for  pid=26049 comm="privoxy" name="unix" dev=proc ino=4026531981 scontext=system_u:system_r:privoxy_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file


type=SYSCALL msg=audit(1308660850.468:715): arch=x86_64 syscall=access success=no exit=EACCES a0=7fb4df7f9b40 a1=4 a2=7fb4df7f9b4e a3=0 items=0 ppid=1 pid=26049 auid=4294967295 uid=73 gid=73 euid=73 suid=73 fsuid=73 egid=73 sgid=73 fsgid=73 tty=(none) ses=4294967295 comm=privoxy exe=/usr/sbin/privoxy subj=system_u:system_r:privoxy_t:s0 key=(null)

Hash: privoxy,privoxy_t,proc_net_t,file,read
Comment 1 Daniel Walsh 2011-06-22 18:37:33 UTC 
Fixed in selinux-policy-3.9.16-31.fc15
Comment 2 Fedora Update System 2011-06-30 15:59:14 UTC 
selinux-policy-3.9.16-31.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-31.fc15
Comment 3 Fedora Update System 2011-07-01 18:55:42 UTC 
Package selinux-policy-3.9.16-32.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-32.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-32.fc15
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2011-07-08 18:09:56 UTC 
selinux-policy-3.9.16-32.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.