Bug 800785

Summary: avc: denied { write } for pid=19624 comm="passwd"
Product: Red Hat Enterprise Linux 6
Component: selinux-policy
Version: 6.3
Reporter: Michal Nowak <mnowak>
Assignee: Miroslav Grepl <mgrepl>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: dwalsh, mmalik, ohudlick
Status: CLOSED NOTABUG
Severity: medium
Priority: unspecified
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-03-07 12:11:55 UTC

Description Michal Nowak 2012-03-07 09:02:01 UTC
Description of problem:

Just found it in log http://beaker-archive.app.eng.bos.redhat.com/beaker-logs/2012/03/2009/200943/426298/4779846/26331681/test_log-Setup-avc.log when running

useradd abrt-suid-test -M
echo "kokotice" | passwd abrt-suid-test --stdin

type=AVC msg=audit(1331109716.691:214428): avc:  denied  { write } for  pid=19624 comm="passwd" path="/tmp/abrt-testsuite/test/bz783450-setuid-core-owned-by-root/full.log" dev=dm-0 ino=2229049 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

type=AVC msg=audit(1331109716.691:214428): avc:  denied  { write } for  pid=19624 comm="passwd" path="/tmp/abrt-testsuite/test/bz783450-setuid-core-owned-by-root/full.log" dev=dm-0 ino=2229049 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

Version-Release number of selected component (if applicable):

selinux-policy-3.7.19-138.el6.noarch

Comment 2 Miroslav Grepl 2012-03-07 11:02:53 UTC
This is a test issue with beaker/passwd which is caused by 

$RUNNER_SCRIPT $test &> $logfile

You will need to change a label for full.log to make this work as you need.


$ sesearch -A -s passwd_t -c file -p write
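
Added example, not part of the original bug comments: a small Python parser for the AVC record quoted in the description. It reduces the record to source type, target type, class and permission, and builds the matching sesearch lookup, narrowing the query in Comment 2 with -t. The function names are this example's own; the record is copied from the report.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# AVC record copied from the description of this report (logged twice there).
AVC_LINE = ('type=AVC msg=audit(1331109716.691:214428): avc:  denied  { write } for  '
            'pid=19624 comm="passwd" path="/tmp/abrt-testsuite/test/'
            'bz783450-setuid-core-owned-by-root/full.log" dev=dm-0 ino=2229049 '
            'scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 '
            'tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file')
SAMPLE_LOG = AVC_LINE + "\n" + AVC_LINE + "\n"

AVC_RE = re.compile(r'type=AVC msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\): '
                    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    rec["time"] = datetime.fromtimestamp(int(m.group("epoch")), timezone.utc)
    # A context is user:role:type:level; the level may contain ':' (s0-s0:c0.c1023),
    # so take the third field instead of splitting from the right.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text):
    """Count denials per (source type, target type, class, perms, path)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec["stype"], rec["ttype"], rec["tclass"],
                    tuple(rec["perms"]), rec.get("path"))] += 1
    return counts

def sesearch_query(stype, ttype, tclass, perms):
    """Build the allow-rule lookup for one denial (-t restricts the target type)."""
    return f"sesearch -A -s {stype} -t {ttype} -c {tclass} -p {','.join(perms)}"

if __name__ == "__main__":
    for (stype, ttype, tclass, perms, path), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {stype} -> {ttype}:{tclass} {{ {' '.join(perms)} }} on {path}")
        print("  check policy with:", sesearch_query(stype, ttype, tclass, perms))
```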

Comment 3 Milos Malik 2012-03-07 11:31:17 UTC
Please run "restorecon -Rv /etc" on that machine.

rlFileRestore() is the culprit.