Bug 756811

Summary: mcelog generates AVCs on mcelog.pid
Product: [Fedora] Fedora
Reporter: David Jaša <djasa>
Component: mcelog
Assignee: Prarit Bhargava <prarit>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 19
CC: carlg, charlieb-fedora-bugzilla, dwalsh, prarit
Keywords: Reopened, SELinux
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2013-08-14 14:52:34 UTC
Bug Depends On: 756812

Description David Jaša 2011-11-24 16:57:29 UTC
Description of problem:
On freshly installed Fedora rawhide, mcelog generates these three kinds of AVCs:

1. if file /var/run/mcelog.pid is not present:
type=AVC msg=audit(1322149270.300:18): avc:  denied  { create } for  pid=650 comm="mcelog" name="mcelog.pid" scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

2. if create is allowed then this one pops up:
type=AVC msg=audit(1322146088.957:78): avc:  denied  { write open } for  pid=1163 comm="mcelog" name="mcelog.pid" dev=tmpfs ino=19164 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

3. if file is created manually (IIRC)
type=AVC msg=audit(1322146909.437:126): avc:  denied  { unlink } for  pid=1163 comm="mcelog" name="mcelog.pid" dev=tmpfs ino=19164 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

Version-Release number of selected component (if applicable):
mcelog-1.0-0.3.6e4e2a00.fc17.x86_64

How reproducible:
always


Comment 1 David Jaša 2011-11-24 17:44:39 UTC
After further investigation, it seems that the only problem is the wrong context on /var/run/mcelog.pid; once it is fixed, the AVCs disappear. Closing as not a bug.
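
The diagnosis in comment 1 can be read off the denials themselves: every record has the same source domain and a generic target type on a single file. The following is an added example, not part of the bug report or of mcelog or selinux-policy; it groups the three AVC records from the description, and the function names and the GENERIC_TYPES list are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The three AVC records quoted in the bug description, embedded so this runs offline.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1322149270.300:18): avc:  denied  { create } for  pid=650 comm="mcelog" name="mcelog.pid" scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1322146088.957:78): avc:  denied  { write open } for  pid=1163 comm="mcelog" name="mcelog.pid" dev=tmpfs ino=19164 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1322146909.437:126): avc:  denied  { unlink } for  pid=1163 comm="mcelog" name="mcelog.pid" dev=tmpfs ino=19164 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption for this example: directory types that a regular file normally
# only carries when it inherited its parent's label instead of its own type.
GENERIC_TYPES = {"var_run_t", "var_t", "var_lib_t", "var_log_t", "tmp_t"}

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = m.group("perms").split()
    return fields

def context_type(context):
    """Extract the type from a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Merge denials per (source type, target type, class, object name)."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (context_type(rec["scontext"]), context_type(rec["tcontext"]),
               rec["tclass"], rec.get("path") or rec.get("name"))
        groups[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in groups.items()}

def likely_mislabeled(summary):
    """Heuristic: denials on a *file* that carries a generic directory type."""
    return [key for key in summary if key[2] == "file" and key[1] in GENERIC_TYPES]

if __name__ == "__main__":
    for key, perms in summarize(SAMPLE_AUDIT_LOG).items():
        print(key, perms, "<- check file label" if key in likely_mislabeled({key: perms}) else "")
```

A group flagged this way points at the label on the file, which is what resolved this bug, rather than at allow rules against the generic type.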

Comment 2 Daniel Walsh 2011-11-29 02:27:35 UTC
Fixed in rawhide.

Comment 3 Carl G. 2011-12-04 11:46:07 UTC
What about F16?

https://bugzilla.redhat.com/show_bug.cgi?id=757041

^ "type=AVC msg=audit(1322130010.286:5664): avc:  denied  { getattr } for  pid=14989 comm="mcelog" path="/run/mcelog.pid" dev=tmpfs ino=27703564 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file"

Comment 4 Daniel Walsh 2011-12-05 14:55:30 UTC
Fixed there also, yum update

Comment 5 Charlie Brady 2012-01-17 16:10:07 UTC
(In reply to comment #3)
> What about F16?

Seen also in F15.

> Closing as not a bug.

Seriously?

Comment 6 Daniel Walsh 2012-01-17 16:33:23 UTC
You are seeing this bug in F16 and F15?

Comment 7 Daniel Walsh 2012-01-17 16:35:35 UTC
On my F16 box I see them labeled correctly.

selinux-policy-3.10.0-71

Comment 8 Fedora End Of Life 2013-04-03 19:57:10 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

Comment 9 Prarit Bhargava 2013-08-14 12:26:00 UTC
Should this be open or closed at this point?

P.