| Summary: | denial on cvs search in user's home directory | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Petr Sklenar <psklenar> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.2 | CC: | dwalsh, mmalik |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-01-11 10:12:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Petr Sklenar
2012-01-11 08:23:01 UTC
I just found that there is boolean on rhel5 which helps there. setsebool cvs_disable_trans on When I tried that on rhel5 then this boolean will help and denial is not there. Its not on rhel6, so adding keyword Regression. There are many *_disable_trans booleans in RHEL-5, but these booleans were intentionally not implemented in RHEL-6, because they serve another purpose. I'm going to remove Regression keyword, because this is a regular bug. I see the same AVC in https://bugzilla.redhat.com/show_bug.cgi?id=768312#c6. Could we mark this bug as duplicate? (In reply to comment #6) > I see the same AVC in https://bugzilla.redhat.com/show_bug.cgi?id=768312#c6. > Could we mark this bug as duplicate? I see this is that search. I thing its the same. I am closing this bug as dupe of 768312 *** This bug has been marked as a duplicate of bug 768312 *** We don't audit it in RHEL5. Is this really needed? Are you getting more AVC msgs in permissive mode? (In reply to comment #8) > Is this really needed? Are you getting more AVC msgs in permissive mode? There is the same amount of denials in permissive mode. All of them looks like Comment 0 : avc: denied { search } for pid=19270 comm="cvs" I hope its going to be fixed by bug 768312, is it? |