Bug 117784 - "rpm" avc denial errors (mostly benign)
Summary: "rpm" avc denial errors (mostly benign)
Alias: None
Product: Fedora
Classification: Fedora
Component: policy   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-03-08 15:45 UTC by Stephen Tweedie
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-03-08 19:01:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Stephen Tweedie 2004-03-08 15:45:25 UTC
Description of problem:

"rpm" installs result in various avc errors:

audit(1078760380.571:0): avc:  denied  { getattr } for  pid=3240
exe=/bin/rpm path=/home dev= ino=1 scontext=root:sysadm_r:rpm_t
tcontext=system_u:object_r:autofs_t tclass=dir

which is associated with the immediate error:

# rpm -ivh kernel-2.6.3-2.1.242.i686.rpm
error: failed to stat /home: Permission denied

where /home is an autofs filesystem;

audit(1078760413.660:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev= ino=1 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:devpts_t tclass=dir

where the rpm script fails to read the pty associated with the (ssh)

audit(1078760413.710:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev= ino=1 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:proc_t tclass=dir
audit(1078760413.760:0): avc:  denied  { search } for  pid=3241
exe=/bin/bash dev=0:e ino=2 scontext=root:sysadm_r:rpm_script_t
tcontext=system_u:object_r:nfs_t tclass=dir

where the script fails to access /proc, and the nfs directory from
which the install is being run, respectively.

The rpm install appears to proceed normally despite these, but there
may obviously be unanticipated problems in the post-install script's
execution as a result of the avc denied errors.

Version-Release number of selected component (if applicable):
rawhide-20040305 with upgraded policy rpms

How reproducible:

Steps to Reproduce:
1. Install any rpm on a system with autofs-mounted /home (for autofs_t
 or install an rpm with a post-install script (for devpts error);
 or install an rpm with a post-install script, where the rpm package
is located on an nfs filesystem (for nfs_t script error)
Actual results:
avc errors detailed above

Expected results:
no avc errors

Comment 1 Daniel Walsh 2004-03-08 19:01:57 UTC
Fixed in policy-sources-1.7-9

Note You need to log in before you can comment on or make changes to this bug.