Bug 853403

Summary: Failing cvs login causes avc denial on /var/run/utmp
Product: Red Hat Enterprise Linux 7
Reporter: Petr Sklenar <psklenar>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Priority: medium
Version: 7.0
CC: dwalsh, mmalik, ppisar
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Clone Of: 756066
Last Closed: 2012-10-12 20:24:38 UTC

Comment 1 Milos Malik 2012-08-31 12:48:57 UTC
The automated test didn't produce any AVCs on my machine, because this kind of access is dontaudited:

# matchpathcon /var/run/utmp 
/var/run/utmp	system_u:object_r:initrc_var_run_t:s0
# sesearch -s cvs_t -t initrc_var_run_t -c file --dontaudit
Found 1 semantic av rules:
   dontaudit cvs_t initrc_var_run_t : file { ioctl read getattr lock open } ; 

# 

The following packages are installed on that machine:

selinux-policy-3.11.1-11.el7.noarch
selinux-policy-devel-3.11.1-11.el7.noarch
selinux-policy-targeted-3.11.1-11.el7.noarch
selinux-policy-minimum-3.11.1-11.el7.noarch
selinux-policy-doc-3.11.1-11.el7.noarch
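
Added example, not part of the bug report or either comment: a small offline check of which denied permissions the dontaudit rule quoted in Comment 1 would hide from the audit log. The AVC record is constructed (it shows the denied set before the dontaudit mask is applied), the function names are hypothetical, and matching is on exact type names with no attribute expansion.

```python
import re

# Rule text copied from the sesearch output in Comment 1.
SESEARCH_OUTPUT = """Found 1 semantic av rules:
   dontaudit cvs_t initrc_var_run_t : file { ioctl read getattr lock open } ;
"""

# Constructed AVC record (not from the bug report): cvs_t denied read and write.
SAMPLE_AVC = ('type=AVC msg=audit(1346417337.000:101): avc:  denied  { read write } '
              'for  pid=2001 comm="cvs" name="utmp" dev="tmpfs" ino=9001 '
              'scontext=system_u:system_r:cvs_t:s0 '
              'tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file')

RULE_RE = re.compile(r"^\s*dontaudit\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s*\{([^}]*)\}\s*;")
AVC_RE = re.compile(r"denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def parse_dontaudit(text):
    """Return {(source_type, target_type, class): set(perms)} from sesearch output."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            src, tgt, cls, perms = m.groups()
            rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules

def parse_avc(line):
    """Extract (source_type, target_type, class, perms) from one AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC denial record")
    perms, scontext, tcontext, tclass = m.groups()
    # A context is user:role:type:level; the type is always the third field.
    return scontext.split(":")[2], tcontext.split(":")[2], tclass, set(perms.split())

def split_denial(avc_line, rules):
    """Split denied perms into (hidden by dontaudit, still logged)."""
    src, tgt, cls, perms = parse_avc(avc_line)
    hidden = perms & rules.get((src, tgt, cls), set())
    return sorted(hidden), sorted(perms - hidden)

if __name__ == "__main__":
    hidden, logged = split_denial(SAMPLE_AVC, parse_dontaudit(SESEARCH_OUTPUT))
    print("suppressed:", hidden, "logged:", logged)
```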

Comment 2 Daniel Walsh 2012-10-12 20:24:38 UTC
So this is not a bug?