Bug 137689 - portmap policy not accounting for netlink socket
Summary: portmap policy not accounting for netlink socket
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC3Blocker
TreeView+ depends on / blocked
 
Reported: 2004-10-30 18:38 UTC by Ulrich Drepper
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version: 1.17.30-2.14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-11-01 18:56:21 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
add required permissions (434 bytes, patch)
2004-10-30 18:38 UTC, Ulrich Drepper 		no flags Details | Diff
View All

Description Ulrich Drepper 2004-10-30 18:38:54 UTC 
Description of problem:
The portmap daemon does not start up with the current targeted policy since it
is not allowed to use the route netlink socket.  This is used through the glibc
functions related to RPC.  It's only read access which is needed, similar to
what has been done for nscd.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.11

How reproducible:
always

Steps to Reproduce:
1.start portmap
2.
3.
  
Actual results:
Oct 30 11:24:05 fw kernel: audit(1099160645.162:0): avc:  denied  { create } for
 pid=2209 exe=/sbin/portmap scontext=user_u:system_r:portmap_t
tcontext=user_u:system_r:portmap_t tclass=netlink_route_socket


Expected results:
No such message

Additional info:
The attached patch fixes the problem for me.
Comment 1 Ulrich Drepper 2004-10-30 18:38:55 UTC 
Created attachment 105980 [details]
add required permissions
Comment 2 Daniel Walsh 2004-11-01 18:45:15 UTC 
Fixed in selinux-policy-targeted-1.17.30-2.14
Comment 3 Ulrich Drepper 2004-11-01 18:56:21 UTC 
Confirmed fixed.
Note You need to log in before you can comment on or make changes to this bug.