Bug 121325 - fam should be turned off if selinux is "enforcing"
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: fam
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Veillard
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-04-20 14:24 UTC by Tom London
Modified: 2007-11-30 22:10 UTC (History)
CC List: 0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-08-30 08:49:43 UTC
Type: ---
Embargoed:


Description Tom London 2004-04-20 14:24:22 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312

Description of problem:
fam should be disabled if selinux is in enforcing mode.  This will
prevent numerous errors/churning, etc.

Version-Release number of selected component (if applicable):
fam-2.6.10-8

How reproducible:
Always

Steps to Reproduce:
1. boot w/enforcing
2. check /var/log/messages after 60 minutes or so....
3.
    

Actual Results:  e.g.:
Apr 19 17:51:03 fedora xinetd[1386]: Activating service sgi_fam
Apr 19 17:56:59 fedora fam[4304]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4305]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4306]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4307]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4308]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4309]: listen: Permission denied
Apr 19 17:56:59 fedora kernel: audit(1082422619.299:0): avc:  denied 
{ search } for  pid=4304 exe=/usr/bin/fam name=sys dev= ino=4120
scontext=system_u:system_r:inetd_child_t
tcontext=system_u:object_r:sysctl_t tclass=dir
Apr 19 17:56:59 fedora fam[4310]: listen: Permission denied
Apr 19 17:56:59 fedora kernel: audit(1082422619.300:0): avc:  denied 
{ listen } for  pid=4304 exe=/usr/bin/fam path=/tmp/.fam_socket
scontext=system_u:system_r:inetd_child_t
tcontext=system_u:system_r:inetd_child_t tclass=unix_stream_socket


Additional info:

Comment 1 Daniel Veillard 2004-08-30 08:49:43 UTC
This is fixed in RawHide. fam is deprecated there, obsoleted
by gamin which runs per-user (or per session), hence avoiding
the incompatibility with SELinux.

  thanks for the feedback,

Daniel
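
Added example, not part of the original report or comments: a small Python parser that groups the AVC denials shown in the description by executable, source type, target type, class and permission, and counts the matching "Permission denied" daemon messages. The sample lines are taken from the report with the wrapped audit records rejoined; the function names are this example's own.

```python
import re
from collections import Counter

# Lines from the report above; the audit records, which the report wraps
# across several lines, are rejoined here as single syslog lines.
SAMPLE_LOG = """\
Apr 19 17:51:03 fedora xinetd[1386]: Activating service sgi_fam
Apr 19 17:56:59 fedora fam[4304]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4305]: listen: Permission denied
Apr 19 17:56:59 fedora kernel: audit(1082422619.299:0): avc:  denied  { search } for  pid=4304 exe=/usr/bin/fam name=sys dev= ino=4120 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:sysctl_t tclass=dir
Apr 19 17:56:59 fedora kernel: audit(1082422619.300:0): avc:  denied  { listen } for  pid=4304 exe=/usr/bin/fam path=/tmp/.fam_socket scontext=system_u:system_r:inetd_child_t tcontext=system_u:system_r:inetd_child_t tclass=unix_stream_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # value may be empty, as in "dev="
DAEMON_RE = re.compile(r"\s(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: .*Permission denied")

def se_type(context):
    """Return the type (third colon-separated part) of an SELinux context."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) > 2 else ""

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group("fields")))
    rec["perms"] = m.group("perms").split()
    rec["source_type"] = se_type(rec.get("scontext"))
    rec["target_type"] = se_type(rec.get("tcontext"))
    return rec

def summarize(log_text):
    """Count denials per (exe, source type, target type, class, permission)
    and 'Permission denied' daemon messages per program name."""
    denials, daemon_errors = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec["perms"]:
                key = (rec.get("exe"), rec["source_type"], rec["target_type"], rec.get("tclass"), perm)
                denials[key] += 1
        elif (m := DAEMON_RE.search(line)):
            daemon_errors[m.group("prog")] += 1
    return denials, daemon_errors
```

Run over the sample, `summarize(SAMPLE_LOG)` reports both denials with source type `inetd_child_t`, the context recorded for `/usr/bin/fam` in the audit lines.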

