Bug 1017107 - radiusd cannot write to tmp
radiusd cannot write to tmp
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Lukas Vrabec
Milos Malik
Depends On:
Blocks: 1096891
  Show dependency treegraph
Reported: 2013-10-09 05:29 EDT by Karel Srot
Modified: 2014-10-14 03:57 EDT (History)
3 users (show)

See Also:
Fixed In Version: selinux-policy-3.7.19-245.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 965639
: 1096891 (view as bug list)
Last Closed: 2014-10-14 03:57:14 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Karel Srot 2013-10-09 05:29:07 EDT
Description of problem:
The following AVC denial appears when radiusd integrated with kerberos is trying to authenticate an user.

time->Tue Oct  8 14:18:25 2013
type=PATH msg=audit(1381256305.822:917): item=0 name="/var/tmp/" inode=2621539 dev=fd:00 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0
type=CWD msg=audit(1381256305.822:917):  cwd="/"
type=SYSCALL msg=audit(1381256305.822:917): arch=c000003e syscall=2 success=no exit=-13 a0=7fe5740089e0 a1=2c1 a2=180 a3=7fe57ed6e700 items=1 ppid=1 pid=14030 auid=4294967295 uid=95 gid=95 euid=95 suid=95 fsuid=95 egid=95 sgid=95 fsgid=95 tty=(none) ses=4294967295 comm="radiusd" exe="/usr/sbin/radiusd" subj=unconfined_u:system_r:radiusd_t:s0 key=(null)
type=AVC msg=audit(1381256305.822:917): avc:  denied  { write } for  pid=14030 comm="radiusd" name="tmp" dev=dm-0 ino=2621539 scontext=unconfined_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

Steps to Reproduce:
1. Integrate radiusd with kerberos
2. Try to authenticate a kerberos user via radius
Comment 2 Lukas Vrabec 2014-06-25 09:36:48 EDT
patch sent.
Comment 6 errata-xmlrpc 2014-10-14 03:57:14 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.