Bug 145755 - Home_root_t denial and fix
Summary: Home_root_t denial and fix
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: i386 Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-21 03:16 UTC by Ivan Gyurdiev
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-01-22 21:14:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Ivan Gyurdiev 2005-01-21 03:16:27 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
audit(1106272260.289:0): avc:  denied  { getattr } for  pid=26981
exe=/usr/sbin/smbd path=/home dev=dm-2 ino=2
scontext=system_u:system_r:smbd_t
tcontext=system_u:object_r:home_root_t tclass=dir

--- admin.te    2005-01-20 20:07:35.000000000 -0700
+++ admin.new   2005-01-20 20:07:47.000000000 -0700
@@ -7,7 +7,7 @@
 ifdef(`direct_sysadm_daemon', `, priv_system_role')
 ; dnl end of sysadm_t type declaration

-allow privhome home_root_t:dir search;
+allow privhome home_root_t:dir { getattr search };

 # system_r is authorized for sysadm_t for single-user mode.
 role system_r types sysadm_t;


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Access a home directory exported via samba.
    

Additional info:

Comment 1 Daniel Walsh 2005-01-21 17:47:39 UTC
Fixed in selinux-policy-*-1.21.2-7


Note You need to log in before you can comment on or make changes to this bug.