Bug 1460237 - selinux block sys_ptrace calls from snmpd
Status: ASSIGNED
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 27
Severity: medium
Assigned To: Lukas Vrabec
Ben Levenson
Reported: 2017-06-09 08:50 EDT by David Hill
Modified: 2017-08-15 04:44 EDT
Description David Hill 2017-06-09 08:50:28 EDT
Description of problem:

type=AVC msg=audit(1495662899.501:15377): avc:  denied  { sys_ptrace } for  pid=1304 comm="snmpd" capability=19  scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=cap_userns permissive=1
type=AVC msg=audit(1495662899.511:15378): avc:  denied  { sys_ptrace } for  pid=1304 comm="snmpd" capability=19  scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=cap_userns permissive=1


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set selinux in permissive
2. Reboot the host
3. grep denied /var/log/audit/*.log

Actual results:
sys_ptrace calls are blocked

Expected results:
Allowed or hidden

Additional info:
Comment 1 Daniel Walsh 2017-06-09 10:06:37 EDT
These most likely should be dontaudited.
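
The two denials in the description reduce to one candidate policy rule. The following is an added example, not part of the bug report or of selinux-policy: it parses the AVC records, exposes the `permissive=1` flag (the access was logged, not blocked), and emits the `dontaudit` rule that Comment 1 suggests. The function names are hypothetical.

```python
import re
from collections import defaultdict

# The two AVC records from the bug description, copied verbatim.
_TAIL = ('avc:  denied  { sys_ptrace } for  pid=1304 comm="snmpd" capability=19  '
         'scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 '
         'tclass=cap_userns permissive=1')
SAMPLE = [
    "type=AVC msg=audit(1495662899.501:15377): " + _TAIL,
    "type=AVC msg=audit(1495662899.511:15378): " + _TAIL,
]

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")


def parse_avc(line):
    """Return the policy-relevant fields of one AVC denial, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("rest").split() if "=" in tok)
    return {
        "perms": m.group("perms").split(),
        # A context is user:role:type:level; the type is what policy rules name.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        # permissive=1: the access was logged but NOT blocked.
        "permissive": fields.get("permissive") == "1",
    }


def dontaudit_rules(lines):
    """Collapse repeated denials into one dontaudit rule per (source, target, class)."""
    grouped = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        grouped[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        target = "self" if src == tgt else tgt
        plist = sorted(perms)
        perm_text = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"dontaudit {src} {target}:{cls} {perm_text};")
    return rules


if __name__ == "__main__":
    for rule in dontaudit_rules(SAMPLE):
        print(rule)
```

Both records collapse into a single rule on class `cap_userns`, which is distinct from the `capability` class, so an existing `capability` rule for `snmpd_t` would not cover these records.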
Comment 2 Jan Kurik 2017-08-15 04:44:39 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle.
Changing version to '27'.