Bug 147645 - Rejecting mozilla write access to user_tmp_t causes regression
Summary: Rejecting mozilla write access to user_tmp_t causes regression
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict   
(Show other bugs)
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-02-10 00:34 UTC by Ivan Gyurdiev
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-23 01:01:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Ivan Gyurdiev 2005-02-10 00:34:21 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
Lots of denials:

denied { write remove_name add_name } user_tmp_t:dir  (/tmp/orbit-user)
denied { write unlink create } user_tmp_t:sock_file (/tmp/orbit-user/*)

For example, 

audit(1107990691.069:0): avc:  denied  { create } for  pid=20857 exe=/usr/lib/firefox-1.0/firefox-bin name=linc-5179-0-4d24a7261151d scontext=user_u:user_r:user_mozilla_t tcontext=user_u:object_r:user_tmp_t tclass=sock_file


Version-Release number of selected component (if applicable):
selinux-policy-strict-1.21.11-2

How reproducible:
Didn't try

Steps to Reproduce:
  

Additional info:

Comment 1 Daniel Walsh 2005-02-10 15:02:32 UTC
Does this fix the problem?
--- mozilla_macros.te~  2005-02-09 15:32:21.000000000 -0500
+++ mozilla_macros.te   2005-02-10 10:01:06.000000000 -0500
@@ -85,6 +85,7 @@
 dontaudit $1_mozilla_t $1_home_t:file setattr;
 }
 file_type_auto_trans($1_mozilla_t, tmp_t, $1_mozilla_rw_t)
+file_type_auto_trans($1_mozilla_t, $1_tmp_t, $1_mozilla_rw_t)

 if (mozilla_writehome) {
 file_type_auto_trans($1_mozilla_t, $1_home_t, $1_mozilla_rw_t)


Comment 2 Ivan Gyurdiev 2005-02-10 17:50:58 UTC
No, because it is writing to existing sockets and not creating them.
If I erase them all they come back on reboot.


Comment 3 Ivan Gyurdiev 2005-02-23 01:01:26 UTC
Well, since it was added back, I'm closing the bug.



Note You need to log in before you can comment on or make changes to this bug.