Bug 130765 - avc for portmap
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Reported: 2004-08-24 10:46 EDT by John Reiser
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2005-02-09 13:55:36 EST
Description John Reiser 2004-08-24 10:46:31 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040809

Description of problem:
During boot to targeted, permissive mode, the logfile
/var/log/messages gets three avc for portmap.  NFS configuration is
default [doing nothing]: /etc/exports is empty (no exported NFS
directories) and there are no NFS imports (no mounts from other machines).

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.2-1

How reproducible:
Always

Steps to Reproduce:
1. boot into targeted, permissive mode with empty /etc/exports and no
NFS imports; but default portmap configuration.

Actual Results:
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.882:0): avc:  denied  { read write } for  pid=2396 exe=/sbin/portmap path=/dev/console dev=ramfs ino=806 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.892:0): avc:  denied  { search } for  pid=2397 exe=/sbin/portmap dev=ramfs ino=805 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:ramfs_t tclass=dir
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.897:0): avc:  denied  { getattr } for  pid=2397 exe=/sbin/portmap path=/dev/null dev=ramfs ino=807 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file


Expected Results:  No complaints.

Additional info:
Comment 1 Daniel Walsh 2004-08-25 16:16:17 EDT
Looks like you are using /dev/ on a ram file system.  This is not
currently supported.

Dan
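
Added example, not part of the original bug thread and not code from the selinux-policy project: a small triage script that parses the three AVC records from this report and groups them by source type and device, which makes the pattern behind the diagnosis above visible (every denial is for portmap_t on dev=ramfs, two of them on unlabeled_t objects). The function names parse_avc and summarize are hypothetical; the log lines are the ones in the description, re-joined to one record per line.

```python
import re
from collections import defaultdict

# The three denials from this report, one record per line (re-joined from the wrapped log).
SAMPLE_LOG = """\
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.882:0): avc:  denied  { read write } for  pid=2396 exe=/sbin/portmap path=/dev/console dev=ramfs ino=806 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.892:0): avc:  denied  { search } for  pid=2397 exe=/sbin/portmap dev=ramfs ino=805 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:ramfs_t tclass=dir
Aug 24 07:40:41 fc3test1 kernel: audit(1093358440.897:0): avc:  denied  { getattr } for  pid=2397 exe=/sbin/portmap path=/dev/null dev=ramfs ino=807 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    # The remainder is space-separated key=value pairs (values here contain no spaces).
    for token in m.group(3).split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    # A context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text):
    """Group denials by (source type, device); collect target types and permissions."""
    groups = defaultdict(lambda: {"count": 0, "unlabeled": 0, "ttypes": set(), "perms": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        g = groups[(rec["stype"], rec.get("dev", "?"))]
        g["count"] += 1
        g["ttypes"].add(rec["ttype"])
        g["perms"].update(rec["perms"])
        # unlabeled_t means the object has no valid label, which points to a
        # labeling problem on that filesystem rather than a missing allow rule.
        g["unlabeled"] += rec["ttype"] == "unlabeled_t"
    return dict(groups)

if __name__ == "__main__":
    for (stype, dev), g in summarize(SAMPLE_LOG).items():
        print(stype, dev, g["count"], g["unlabeled"], sorted(g["ttypes"]), sorted(g["perms"]))
```
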
Comment 2 John Reiser 2004-08-25 18:12:15 EDT
It's the result of default FC3T1 Workstation install, plus all
up2date; I didn't change any configuration setting "manually."  I
agree, it does look like /dev is in ramfs; but that's the way that
FC3T1+up2date set it up, so if it's not supposed to be that way, then
that is a bug.
Comment 3 Daniel Walsh 2004-09-09 14:04:38 EDT
Latest policy should support /dev/ on tmpfs.
Please try selinux-policy-strict-1.17.11-2
Comment 4 Daniel Walsh 2005-02-09 13:55:36 EST
Fixed in current release
