Bug 848727
Summary: | service netplugd restart produces AVCs | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Milos Malik <mmalik> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Michal Trunecka <mtruneck> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.9 | CC: | dwalsh, ebenes, mtruneck |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-2.4.6-332.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-01-08 03:33:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Milos Malik
2012-08-16 09:55:43 UTC
The same action produces following AVCs in permissive mode: ---- time->Thu Aug 16 11:56:37 2012 type=PATH msg=audit(1345110997.928:291): item=0 name="/usr/sbin/brctl" inode=601299 dev=03:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:brctl_exec_t:s0 type=CWD msg=audit(1345110997.928:291): cwd="/etc/sysconfig/network-scripts" type=SYSCALL msg=audit(1345110997.928:291): arch=40000003 syscall=33 success=yes exit=0 a0=9734408 a1=1 a2=5f0ff4 a3=0 items=1 ppid=8699 pid=8700 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="ifup-eth" exe="/bin/bash" subj=root:system_r:hotplug_t:s0 key=(null) type=AVC msg=audit(1345110997.928:291): avc: denied { execute } for pid=8700 comm="ifup-eth" name="brctl" dev=hda3 ino=601299 scontext=root:system_r:hotplug_t:s0 tcontext=system_u:object_r:brctl_exec_t:s0 tclass=file ---- time->Thu Aug 16 11:56:37 2012 type=PATH msg=audit(1345110997.917:290): item=0 name="/usr/sbin/brctl" inode=601299 dev=03:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:brctl_exec_t:s0 type=CWD msg=audit(1345110997.917:290): cwd="/etc/sysconfig/network-scripts" type=SYSCALL msg=audit(1345110997.917:290): arch=40000003 syscall=195 success=yes exit=0 a0=9734408 a1=bffbe86c a2=5f0ff4 a3=1 items=1 ppid=8699 pid=8700 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="ifup-eth" exe="/bin/bash" subj=root:system_r:hotplug_t:s0 key=(null) type=AVC msg=audit(1345110997.917:290): avc: denied { getattr } for pid=8700 comm="ifup-eth" path="/usr/sbin/brctl" dev=hda3 ino=601299 scontext=root:system_r:hotplug_t:s0 tcontext=system_u:object_r:brctl_exec_t:s0 tclass=file ---- This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release. We have in RHEL6 optional_policy(` brctl_domtrans(hotplug_t) ') which I am going to backport. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0060.html |