Bug 147645 - Rejecting mozilla write access to user_tmp_t causes regression
Rejecting mozilla write access to user_tmp_t causes regression
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-09 19:34 EST by Ivan Gyurdiev
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-22 20:01:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ivan Gyurdiev 2005-02-09 19:34:21 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
Lots of denials:

denied { write remove_name add_name } user_tmp_t:dir  (/tmp/orbit-user)
denied { write unlink create } user_tmp_t:sock_file (/tmp/orbit-user/*)

For example, 

audit(1107990691.069:0): avc:  denied  { create } for  pid=20857 exe=/usr/lib/firefox-1.0/firefox-bin name=linc-5179-0-4d24a7261151d scontext=user_u:user_r:user_mozilla_t tcontext=user_u:object_r:user_tmp_t tclass=sock_file


Version-Release number of selected component (if applicable):
selinux-policy-strict-1.21.11-2

How reproducible:
Didn't try

Steps to Reproduce:
  

Additional info:
Comment 1 Daniel Walsh 2005-02-10 10:02:32 EST
Does this fix the problem?
--- mozilla_macros.te~  2005-02-09 15:32:21.000000000 -0500
+++ mozilla_macros.te   2005-02-10 10:01:06.000000000 -0500
@@ -85,6 +85,7 @@
 dontaudit $1_mozilla_t $1_home_t:file setattr;
 }
 file_type_auto_trans($1_mozilla_t, tmp_t, $1_mozilla_rw_t)
+file_type_auto_trans($1_mozilla_t, $1_tmp_t, $1_mozilla_rw_t)

 if (mozilla_writehome) {
 file_type_auto_trans($1_mozilla_t, $1_home_t, $1_mozilla_rw_t)
Comment 2 Ivan Gyurdiev 2005-02-10 12:50:58 EST
No, because it is writing to existing sockets and not creating them.
If I erase them all they come back on reboot.
Comment 3 Ivan Gyurdiev 2005-02-22 20:01:26 EST
Well, since it was added back, I'm closing the bug.

Note You need to log in before you can comment on or make changes to this bug.