Bug 121325 - fam should be turned off if selinux is "enforcing"
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: fam
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Veillard
Reported: 2004-04-20 10:24 EDT by Tom London
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-08-30 04:49:43 EDT
Description Tom London 2004-04-20 10:24:22 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312

Description of problem:
fam should be disabled if selinux is in enforcing mode.  This will
prevent numerous errors/churning, etc.

Version-Release number of selected component (if applicable):
fam-2.6.10-8

How reproducible:
Always

Steps to Reproduce:
1. boot w/enforcing
2. check /var/log/messages after 60 minutes or so....
3.
    

Actual Results:  e.g.:
Apr 19 17:51:03 fedora xinetd[1386]: Activating service sgi_fam
Apr 19 17:56:59 fedora fam[4304]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4305]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4306]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4307]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4308]: listen: Permission denied
Apr 19 17:56:59 fedora fam[4309]: listen: Permission denied
Apr 19 17:56:59 fedora kernel: audit(1082422619.299:0): avc:  denied 
{ search } for  pid=4304 exe=/usr/bin/fam name=sys dev= ino=4120
scontext=system_u:system_r:inetd_child_t
tcontext=system_u:object_r:sysctl_t tclass=dir
Apr 19 17:56:59 fedora fam[4310]: listen: Permission denied
Apr 19 17:56:59 fedora kernel: audit(1082422619.300:0): avc:  denied 
{ listen } for  pid=4304 exe=/usr/bin/fam path=/tmp/.fam_socket
scontext=system_u:system_r:inetd_child_t
tcontext=system_u:system_r:inetd_child_t tclass=unix_stream_socket


Additional info:
Comment 1 Daniel Veillard 2004-08-30 04:49:43 EDT
This is fixed in RawHide. fam is deprecated there, obsoleted
by gamin which runs per-user (or per session), hence avoiding
the incompatibility with SELinux.

  thanks for the feedback,

Daniel
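
Added example, not part of the original report and not code from fam or the SELinux tools: a small Python parser for the AVC denial format quoted in the description. It rejoins the hard-wrapped audit records and counts denials per executable, source context, target context, class and permission. The function names are assumptions chosen for illustration; the sample lines are copied from the report above.

```python
import re
from collections import Counter

# Sample copied from the log excerpt in the report, including the
# hard line wraps that split each audit record over four lines.
SAMPLE = """\
Apr 19 17:56:59 fedora kernel: audit(1082422619.299:0): avc:  denied
{ search } for  pid=4304 exe=/usr/bin/fam name=sys dev= ino=4120
scontext=system_u:system_r:inetd_child_t
tcontext=system_u:object_r:sysctl_t tclass=dir
Apr 19 17:56:59 fedora fam[4310]: listen: Permission denied
Apr 19 17:56:59 fedora kernel: audit(1082422619.300:0): avc:  denied
{ listen } for  pid=4304 exe=/usr/bin/fam path=/tmp/.fam_socket
scontext=system_u:system_r:inetd_child_t
tcontext=system_u:system_r:inetd_child_t tclass=unix_stream_socket
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Rejoin records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_avc(record):
    """Return the key=value fields of an AVC denial, or None for any other line."""
    m = AVC.search(record)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = m.group(1).split()
    return fields

def summarize(text):
    """Count denials per (exe, scontext, tcontext, tclass, permission)."""
    counts = Counter()
    for rec in unwrap(text):
        d = parse_avc(rec)
        for perm in (d["perms"] if d else []):
            key = (d.get("exe"), d.get("scontext"), d.get("tcontext"), d.get("tclass"), perm)
            counts[key] += 1
    return counts
```

On the sample, both denials group under the `inetd_child_t` source context, the domain fam runs in when xinetd starts it.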
