Bug 1017107 - radiusd cannot write to tmp
Summary: radiusd cannot write to tmp
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.4
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Lukas Vrabec
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks: 1096891
TreeView+ depends on / blocked
 
Reported: 2013-10-09 09:29 UTC by Karel Srot
Modified: 2014-10-14 07:57 UTC (History)
3 users (show)

Fixed In Version: selinux-policy-3.7.19-245.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 965639
: 1096891 (view as bug list)
Environment:
Last Closed: 2014-10-14 07:57:14 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1568 0 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2014-10-14 01:27:37 UTC

Description Karel Srot 2013-10-09 09:29:07 UTC
Description of problem:
The following AVC denial appears when radiusd integrated with kerberos is trying to authenticate an user.

time->Tue Oct  8 14:18:25 2013
type=PATH msg=audit(1381256305.822:917): item=0 name="/var/tmp/" inode=2621539 dev=fd:00 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0
type=CWD msg=audit(1381256305.822:917):  cwd="/"
type=SYSCALL msg=audit(1381256305.822:917): arch=c000003e syscall=2 success=no exit=-13 a0=7fe5740089e0 a1=2c1 a2=180 a3=7fe57ed6e700 items=1 ppid=1 pid=14030 auid=4294967295 uid=95 gid=95 euid=95 suid=95 fsuid=95 egid=95 sgid=95 fsgid=95 tty=(none) ses=4294967295 comm="radiusd" exe="/usr/sbin/radiusd" subj=unconfined_u:system_r:radiusd_t:s0 key=(null)
type=AVC msg=audit(1381256305.822:917): avc:  denied  { write } for  pid=14030 comm="radiusd" name="tmp" dev=dm-0 ino=2621539 scontext=unconfined_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir


Steps to Reproduce:
1. Integrate radiusd with kerberos
2. Try to authenticate a kerberos user via radius

Comment 2 Lukas Vrabec 2014-06-25 13:36:48 UTC
patch sent.

Comment 6 errata-xmlrpc 2014-10-14 07:57:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1568.html


Note You need to log in before you can comment on or make changes to this bug.