First Last Prev Next    This bug is not in your last search results.
Bug 147645 - Rejecting mozilla write access to user_tmp_t causes regression
Rejecting mozilla write access to user_tmp_t causes regression
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-09 19:34 EST by Ivan Gyurdiev
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-22 20:01:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Ivan Gyurdiev 2005-02-09 19:34:21 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
Lots of denials:

denied { write remove_name add_name } user_tmp_t:dir  (/tmp/orbit-user)
denied { write unlink create } user_tmp_t:sock_file (/tmp/orbit-user/*)

For example, 

audit(1107990691.069:0): avc:  denied  { create } for  pid=20857 exe=/usr/lib/firefox-1.0/firefox-bin name=linc-5179-0-4d24a7261151d scontext=user_u:user_r:user_mozilla_t tcontext=user_u:object_r:user_tmp_t tclass=sock_file


Version-Release number of selected component (if applicable):
selinux-policy-strict-1.21.11-2

How reproducible:
Didn't try

Steps to Reproduce:
  

Additional info:
Comment 1 Daniel Walsh 2005-02-10 10:02:32 EST 
Does this fix the problem?
--- mozilla_macros.te~  2005-02-09 15:32:21.000000000 -0500
+++ mozilla_macros.te   2005-02-10 10:01:06.000000000 -0500
@@ -85,6 +85,7 @@
 dontaudit $1_mozilla_t $1_home_t:file setattr;
 }
 file_type_auto_trans($1_mozilla_t, tmp_t, $1_mozilla_rw_t)
+file_type_auto_trans($1_mozilla_t, $1_tmp_t, $1_mozilla_rw_t)

 if (mozilla_writehome) {
 file_type_auto_trans($1_mozilla_t, $1_home_t, $1_mozilla_rw_t)
Comment 2 Ivan Gyurdiev 2005-02-10 12:50:58 EST 
No, because it is writing to existing sockets and not creating them.
If I erase them all they come back on reboot.
Comment 3 Ivan Gyurdiev 2005-02-22 20:01:26 EST 
Well, since it was added back, I'm closing the bug.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.