Bug 130765 - avc for portmap
Summary: avc for portmap
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Assignee: Daniel Walsh
Reported: 2004-08-24 14:46 UTC by John Reiser
Modified: 2007-11-30 22:10 UTC (History)

Doc Type: Bug Fix
Last Closed: 2005-02-09 18:55:36 UTC

Description John Reiser 2004-08-24 14:46:31 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040809

Description of problem:
During boot to targeted, permissive mode, the logfile
/var/log/messages gets three avc for portmap.  NFS configuration is
default [doing nothing]: /etc/exports is empty (no exported NFS
directories) and there are no NFS imports (no mounts from other machines).

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.2-1

How reproducible:
Always

Steps to Reproduce:
1. boot into targeted, permissive mode with empty /etc/exports and no
NFS imports; but default portmap configuration.

Actual Results:
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.882:0): avc:  denied  { read write } for  pid=2396 exe=/sbin/portmap path=/dev/console dev=ramfs ino=806 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.892:0): avc:  denied  { search } for  pid=2397 exe=/sbin/portmap dev=ramfs ino=805 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:ramfs_t tclass=dir
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.897:0): avc:  denied  { getattr } for  pid=2397 exe=/sbin/portmap path=/dev/null dev=ramfs ino=807 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file


Expected Results:  No complaints.

Additional info:

Comment 1 Daniel Walsh 2004-08-25 20:16:17 UTC
Looks like you are using /dev/ on a ram file system.  This is not
currently supported.

Dan

Comment 2 John Reiser 2004-08-25 22:12:15 UTC
It's the result of default FC3T1 Workstation install, plus all
up2date; I didn't change any configuration setting "manually."  I
agree, it does look like /dev is in ramfs; but that's the way that
FC3T1+up2date set it up, so if it's not supposed to be that way, then
that is a bug.

Comment 3 Daniel Walsh 2004-09-09 18:04:38 UTC
Latest policy should support /dev/ on tmpfs.
Please try selinux-policy-strict-1.17.11-2

Comment 4 Daniel Walsh 2005-02-09 18:55:36 UTC
Fixed in current release
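
Added example (not part of the bug report or of the selinux-policy project): a small triage script that parses AVC denial lines in the format shown in this report, groups them by source type, target type and class, and flags targets typed unlabeled_t, the pattern behind the /dev-on-ramfs diagnosis in Comment 1. The function names are hypothetical; the sample input is the three log lines from the description, re-joined onto one line each.

```python
import re
from collections import defaultdict

# The three denials from the report above, one per line.
SAMPLE = """\
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.882:0): avc:  denied  { read write } for  pid=2396 exe=/sbin/portmap path=/dev/console dev=ramfs ino=806 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.892:0): avc:  denied  { search } for  pid=2397 exe=/sbin/portmap dev=ramfs ino=805 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:ramfs_t tclass=dir
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.897:0): avc:  denied  { getattr } for  pid=2397 exe=/sbin/portmap path=/dev/null dev=ramfs ino=807 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated or malformed record
    rec["perms"] = m.group("perms").split()
    # Contexts in this log are user:role:type; keep only the type field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def summarize(text):
    """Group denials by (source type, target type, class), merging permissions."""
    groups = defaultdict(lambda: {"perms": set(), "devs": set(), "paths": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["devs"].add(rec.get("dev", "?"))
        if "path" in rec:
            g["paths"].add(rec["path"])
    return dict(groups)


def labeling_suspects(groups):
    """Groups whose target type is unlabeled_t (object has no valid label)."""
    return sorted(k for k in groups if k[1] == "unlabeled_t")


if __name__ == "__main__":
    groups = summarize(SAMPLE)
    for key in sorted(groups):
        mark = "  <- unlabeled target" if key in labeling_suspects(groups) else ""
        print(key, sorted(groups[key]["perms"]), sorted(groups[key]["paths"]), mark)
```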

