Bug 1177716 - [PATCH] couchdb_t must be allowed to sendto kernel unix dgram sockets
Summary: [PATCH] couchdb_t must be allowed to sendto kernel unix dgram sockets
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 21
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-30 03:50 UTC by Warren Togami
Modified: 2015-01-30 23:55 UTC (History)
1 user (show)

Fixed In Version: selinux-policy-3.13.1-105.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-30 23:55:32 UTC
Type: Bug


Attachments (Terms of Use)

Description Warren Togami 2014-12-30 03:50:29 UTC
selinux-policy-3.13.1-103.fc21

This commit fixes an issue where on Fedora 21 couchdb currently fails to start because it cannot `sendto` to systemd.

```
type=AVC msg=audit(1419910248.390:2287): avc:  denied  { sendto } for  pid=32469 comm="beam.smp" path="/run/systemd/notify" scontext=system_u:system_r:couchdb_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=unix_dgram_socket permissive=0
type=SYSCALL msg=audit(1419910248.390:2287): arch=c000003e syscall=46 success=no exit=-13 a0=10 a1=7fa64d3bbc50 a2=4000 a3=1 items=0 ppid=1 pid=32469 auid=4294967295 uid=986 gid=983 euid=986 suid=986 fsuid=986 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295 comm="beam.smp" exe="/usr/lib64/erlang/erts-6.3/bin/beam.smp" subj=system_u:system_r:couchdb_t:s0 key=(null)
```

https://github.com/selinux-policy/selinux-policy/pull/9

Comment 1 Lukas Vrabec 2015-01-15 11:11:08 UTC
Added to selinux-policy repo.

commit e39220b39b5f651000d121b963b6289afd78c277
Merge: 61596b7 f6b5bf6
Author: Lukas Vrabec <wrabcak@users.noreply.github.com>
Date:   Thu Jan 15 12:06:27 2015 +0100

    Merge pull request #9 from wtogami/couchdb_systemd_and_df
    
    couchdb: Allow couchdb to sendto kernel unix domain sockets

Added to Rawhide,F21,F20.

Comment 2 Fedora Update System 2015-01-27 16:50:12 UTC
selinux-policy-3.13.1-105.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.fc21

Comment 3 Fedora Update System 2015-01-30 04:33:03 UTC
Package selinux-policy-3.13.1-105.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-1337/selinux-policy-3.13.1-105.fc21
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2015-01-30 23:55:32 UTC
selinux-policy-3.13.1-105.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.