| Summary: | SELinux is preventing /sbin/consoletype from read access on the chr_file /dev/null | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ralf Corsepius <rc040203> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-05 11:50:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Ralf Corsepius
2011-11-25 17:16:01 UTC
Update: This SEalert seems to originate from a package's _testsuite_, which deliberately tries to open /dev/null for reading. Could you add full AVC msg? # grep consoletype /var/log/audit/audit.log Here it is:
# grep consoletype /var/log/audit/audit.log
type=AVC msg=audit(1322290024.889:2186): avc: denied { read } for pid=1433 comm="consoletype" path="/dev/null" dev=sda3 ino=2359815 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=chr_file
type=AVC msg=audit(1322290024.889:2186): avc: denied { write } for pid=1433 comm="consoletype" path="/dev/null" dev=sda3 ino=2359815 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:mock_var_lib_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1322290024.889:2186): arch=c000003e syscall=59 success=yes exit=0 a0=6fc9d0 a1=707140 a2=707390 a3=7fffd43437b0 items=0 ppid=1432 pid=1433 auid=8690 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)
FYI: I meanwhile have a deterministic reproducer: One of these is rebuilding the perl-Plack package (From Fedora's git/master or rawhide) in a fedora-rawhide mock on fedora-16.
Another reproducer: Rebuild the perl-Starlet package from fedora's git in mock on fedora-16. We have the similar bug. *** This bug has been marked as a duplicate of bug 745287 *** |