1017107 – radiusd cannot write to tmp

Bug 1017107 - radiusd cannot write to tmp

Summary: radiusd cannot write to tmp

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	6.4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Lukas Vrabec
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1096891
TreeView+	depends on / blocked

Reported:	2013-10-09 09:29 UTC by Karel Srot
Modified:	2014-10-14 07:57 UTC (History)
CC List:	3 users (show)
Fixed In Version:	selinux-policy-3.7.19-245.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:	965639
Clones:	1096891 (view as bug list)
Environment:
Last Closed:	2014-10-14 07:57:14 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1568	0	normal	SHIPPED_LIVE	selinux-policy bug fix and enhancement update	2014-10-14 01:27:37 UTC

Description Karel Srot 2013-10-09 09:29:07 UTC

Description of problem:
The following AVC denial appears when radiusd integrated with kerberos is trying to authenticate an user.

time->Tue Oct  8 14:18:25 2013
type=PATH msg=audit(1381256305.822:917): item=0 name="/var/tmp/" inode=2621539 dev=fd:00 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0
type=CWD msg=audit(1381256305.822:917):  cwd="/"
type=SYSCALL msg=audit(1381256305.822:917): arch=c000003e syscall=2 success=no exit=-13 a0=7fe5740089e0 a1=2c1 a2=180 a3=7fe57ed6e700 items=1 ppid=1 pid=14030 auid=4294967295 uid=95 gid=95 euid=95 suid=95 fsuid=95 egid=95 sgid=95 fsgid=95 tty=(none) ses=4294967295 comm="radiusd" exe="/usr/sbin/radiusd" subj=unconfined_u:system_r:radiusd_t:s0 key=(null)
type=AVC msg=audit(1381256305.822:917): avc:  denied  { write } for  pid=14030 comm="radiusd" name="tmp" dev=dm-0 ino=2621539 scontext=unconfined_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir


Steps to Reproduce:
1. Integrate radiusd with kerberos
2. Try to authenticate a kerberos user via radius

Comment 2 Lukas Vrabec 2014-06-25 13:36:48 UTC

patch sent.

Comment 6 errata-xmlrpc 2014-10-14 07:57:14 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1568.html

Note You need to log in before you can comment on or make changes to this bug.