Bug 742448

Summary: AVC for prelink
Product: Red Hat Enterprise Linux 6
Component: selinux-policy
Version: 6.2
Status: CLOSED DUPLICATE
Severity: unspecified
Priority: unspecified
Reporter: Jan Hutař <jhutar>
Assignee: Miroslav Grepl <mgrepl>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: dwalsh, ltoscano, mmalik, slukasik
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-02-28 16:02:18 UTC

Description Jan Hutař 2011-09-30 07:50:26 UTC
Description of problem:
During execution of our tests we have seen this (multiple times):

time->Thu Sep 29 15:32:42 2011
type=SYSCALL msg=audit(1317324762.246:592298): arch=c000003e syscall=56 success=yes exit=39790 a0=1200011 a1=0 a2=0 a3=7f5df2db39d0 items=0 ppid=48267 pid=39787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1317324762.246:592298): avc:  denied  { sys_resource } for  pid=39787 comm="prelink" capability=24  scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(1317324762.246:592298): avc:  denied  { sys_admin } for  pid=39787 comm="prelink" capability=21  scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tclass=capability


Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-113.el6.noarch
selinux-policy-targeted-3.7.19-113.el6.noarch


How reproducible:
1 of 1 attempt


Steps to Reproduce:
1. I do not know what caused it. It does not seem to be caused by our tests, but by cron running prelink.


Actual results:
AVC above


Expected results:
No AVC

Comment 3 Miroslav Grepl 2011-09-30 08:57:20 UTC
These AVCs are caused by running out of resources, usually disk space on your / partition.

Comment 4 Šimon Lukašík 2011-09-30 09:03:59 UTC
Interestingly, there is a lot of disk space left on this particular machine:

  # grep -q system_u:system_r:prelink_cron_system_t \
        /var/log/audit/audit.log && df | grep /$
                     33378088  16130308  15552244  51% /

Comment 5 Milos Malik 2011-09-30 09:34:06 UTC
syscall=56 -> syscall=clone

What about the limit for number of processes / threads? Is it possible that the limit was reached?
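
Added example (not part of the original report, and not Red Hat tooling): a Python script that groups the audit records quoted in the description by event serial, decodes the x86_64 syscall number as done in comment 5, and lists the denied capabilities per event. The sample records are abridged from the description; the syscall table is a hand-filled subset and the function name `correlate` is hypothetical.

```python
import re
from collections import defaultdict

# Records abridged from the bug description (unused fields dropped).
SAMPLE = """\
type=SYSCALL msg=audit(1317324762.246:592298): arch=c000003e syscall=56 success=yes exit=39790 ppid=48267 pid=39787 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023
type=AVC msg=audit(1317324762.246:592298): avc:  denied  { sys_resource } for  pid=39787 comm="prelink" capability=24  scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(1317324762.246:592298): avc:  denied  { sys_admin } for  pid=39787 comm="prelink" capability=21  scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tclass=capability
"""

# Hand-filled subset of x86_64 (arch=c000003e) syscall numbers.
X86_64_SYSCALLS = {56: "clone", 57: "fork", 58: "vfork", 59: "execve"}

EVENT_ID = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r"denied\s+\{([^}]*)\}")


def correlate(log_text):  # hypothetical helper name
    """Group records by audit event serial; attach AVC denials to the syscall."""
    events = defaultdict(lambda: {"syscall": None, "denied": []})
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events[m.group(1)]
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("type") == "SYSCALL":
            nr = int(f["syscall"])
            known = f.get("arch") == "c000003e" and nr in X86_64_SYSCALLS
            ev.update(syscall=X86_64_SYSCALLS[nr] if known else str(nr),
                      success=f.get("success"), comm=f.get("comm"), exe=f.get("exe"))
        elif f.get("type") == "AVC":
            ctx = f.get("scontext", "").split(":")
            domain = ctx[2] if len(ctx) > 2 else None
            denied = DENIED.search(line)
            for perm in (denied.group(1).split() if denied else []):
                ev["denied"].append((domain, f.get("tclass"), perm))
    return dict(events)


if __name__ == "__main__":
    for serial, ev in correlate(SAMPLE).items():
        print(serial, ev["syscall"], "success=" + str(ev.get("success")), ev["denied"])
```

On these records the clone call is logged with success=yes even though both capability checks in the same event were denied.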

Comment 6 Daniel Walsh 2011-09-30 14:40:06 UTC
Too many processes/forks?

Comment 7 RHEL Program Management 2011-10-07 16:05:53 UTC
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 9 Luigi Toscano 2012-01-26 13:35:18 UTC
Could this be a potential duplicate of rhbz680204?

Comment 10 Miroslav Grepl 2012-02-28 16:02:18 UTC

*** This bug has been marked as a duplicate of bug 680204 ***