Bug 117784 - "rpm" avc denial errors (mostly benign)
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policy
rawhide
All Linux
medium Severity medium
Assigned To: Daniel Walsh
Reported: 2004-03-08 10:45 EST by Stephen Tweedie
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-03-08 14:01:57 EST
Description Stephen Tweedie 2004-03-08 10:45:25 EST
Description of problem:

"rpm" installs result in various avc errors:

audit(1078760380.571:0): avc:  denied  { getattr } for  pid=3240
exe=/bin/rpm path=/home dev= ino=1 scontext=root:sysadm_r:rpm_t
tcontext=system_u:object_r:autofs_t tclass=dir

which is associated with the immediate error:

# rpm -ivh kernel-2.6.3-2.1.242.i686.rpm
error: failed to stat /home: Permission denied

where /home is an autofs filesystem;

audit(1078760413.660:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev= ino=1 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:devpts_t tclass=dir

where the rpm script fails to read the pty associated with the (ssh)
login;

audit(1078760413.710:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev= ino=1 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:proc_t tclass=dir
audit(1078760413.760:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev=0:e ino=2 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:nfs_t tclass=dir

where the script fails to access /proc, and the nfs directory from
which the install is being run, respectively.

The rpm install appears to proceed normally despite these, but there
may obviously be unanticipated problems in the post-install script's
execution as a result of the avc denied errors.

Version-Release number of selected component (if applicable):
rawhide-20040305 with upgraded policy rpms
policy-1.7-8
rpm-4.3-0.17

How reproducible:
100%

Steps to Reproduce:
1. Install any rpm on a system with autofs-mounted /home (for autofs_t
error);
 or install an rpm with a post-install script (for devpts error);
 or install an rpm with a post-install script, where the rpm package
is located on an nfs filesystem (for nfs_t script error)
  
Actual results:
avc errors detailed above

Expected results:
no avc errors
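
An added example, not part of the original report and not code from the Fedora policy project: a short Python script that re-joins the wrapped audit lines quoted in the description and groups the denials by source type, target type and object class, which is the view needed to see which policy domains (rpm_t versus rpm_script_t) are affected. The function names are hypothetical; SAMPLE is the four records copied from the description.

```python
import re
from collections import defaultdict
# The four denial records quoted in the report, line wrapping preserved.
SAMPLE = """\
audit(1078760380.571:0): avc:  denied  { getattr } for  pid=3240
exe=/bin/rpm path=/home dev= ino=1 scontext=root:sysadm_r:rpm_t
tcontext=system_u:object_r:autofs_t tclass=dir
audit(1078760413.660:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev= ino=1 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:devpts_t tclass=dir
audit(1078760413.710:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev= ino=1 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:proc_t tclass=dir
audit(1078760413.760:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev=0:e ino=2 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:nfs_t tclass=dir
"""

PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_denials(text):
    """Re-join wrapped lines and return one dict per AVC denial record."""
    starts = [m.start() for m in re.finditer(r"(?m)^audit\(", text)]
    records = []
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        flat = " ".join(text[begin:end].split())
        perms = PERMS.search(flat)
        if not perms:
            continue  # an audit record that is not an AVC denial
        rec = dict(FIELD.findall(flat))  # "dev= " yields an empty value
        rec["perms"] = perms.group(1).split()
        records.append(rec)
    return records

def summarize(records):
    """Map (source type, target type, class) to the set of denied permissions."""
    denied = defaultdict(set)
    for rec in records:
        if not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # truncated record, nothing to group on
        stype = rec["scontext"].split(":")[2]  # context is user:role:type
        ttype = rec["tcontext"].split(":")[2]
        denied[(stype, ttype, rec["tclass"])].update(rec["perms"])
    return dict(denied)

if __name__ == "__main__":
    for (stype, ttype, tclass), perms in sorted(summarize(parse_denials(SAMPLE)).items()):
        print(f"{stype} -> {ttype}:{tclass} denied {{ {' '.join(sorted(perms))} }}")
```
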
Comment 1 Daniel Walsh 2004-03-08 14:01:57 EST
Fixed in policy-sources-1.7-9