Bug 151395 - avc: denied [...] exe=/sbin/consoletype
avc: denied [...] exe=/sbin/consoletype
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-17 11:19 EST by sangu
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: selinux-policy-targeted-1.23.3-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-19 21:43:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
dmesg (18.44 KB, text/plain)
2005-03-17 11:19 EST, sangu
no flags Details

  None (edit)
Description sangu 2005-03-17 11:19:08 EST
Description of problem:
in dmesg
[...]
audit(1111075510.556:0): avc:  denied  { read write } for  pid=8141
exe=/sbin/consoletype path=/dev/tty dev=tmpfs ino=2162
scontext=user_u:system_r:consoletype_t tcontext=system_u:object_r:devtty_t
tclass=chr_file

$ls -lZ /sbin/consoletype
-rwxr-xr-x  root     root     system_u:object_r:consoletype_exec_t /sbin/consoletype


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.2-1

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
initscripts-8.05-1
Comment 1 sangu 2005-03-17 11:19:08 EST
Created attachment 112096 [details]
dmesg
Comment 2 Daniel Walsh 2005-03-17 11:42:48 EST
Fixed in selinux-policy-targeted-1.23.3-1
Comment 3 sangu 2005-03-19 08:58:19 EST
This problem happens in selinux-policy-targeted-1.23.3-2
in dmesg
[...]
audit(1111240183.613:0): avc:  denied  { read write } for  pid=3519
exe=/sbin/consoletype path=/dev/tty dev=tmpfs ino=2107
scontext=user_u:system_r:consoletype_t tcontext=system_u:object_r:devtty_t
tclass=chr_file


$ls -lZ /sbin/consoletype
-rwxr-xr-x  root     root     system_u:object_r:consoletype_exec_t /sbin/consoletype

Whenever mc does be excuted, this problem happens.

mc 4.6.1a-0.5.
Comment 4 Daniel Walsh 2005-03-19 15:40:08 EST
in selinux-policy-targeted-1.23.3-2 the consoletype policy should no longer be
present?  restorecon -R -v /sbin/consoletype should change it's context to sbin_t.

If it does not you probably have a version of consoletype.te in
/etc/selinux/targeted/src/policy/domains/program/consoletype.te

Please remove it.
make -c /etc/selinux/targeted/src/policy load

Then restorecon /sbin/consoletype
Dan
Comment 5 sangu 2005-03-19 21:42:22 EST
(In reply to comment #4)
> in selinux-policy-targeted-1.23.3-2 the consoletype policy should no longer be
> present?  restorecon -R -v /sbin/consoletype should change it's context to sbin_t.
>
Not Fixed.
 
> If it does not you probably have a version of consoletype.te in
> /etc/selinux/targeted/src/policy/domains/program/consoletype.te
> Please remove it.
It's no present in /etc/selinux/targeted/src/policy/domains/program/.

> make -c /etc/selinux/targeted/src/policy load
in dmesg
[...]
audit(1111286164.417:0): avc:  granted  { load_policy } for  pid=3956
exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
security:  3 users, 5 roles, 585 types, 61 bools
security:  54 classes, 70952 rules
security:  invalidating context system_u:object_r:hostname_exec_t
security:  invalidating context user_u:system_r:hostname_t
security:  invalidating context system_u:object_r:consoletype_exec_t
security:  invalidating context user_u:system_r:consoletype_t
security:  invalidating context root:system_r:consoletype_t
 
> Then restorecon /sbin/consoletype

This bug 15139 doesn't appear. Fixed

> Dan

Thanks you, Dan.

Note You need to log in before you can comment on or make changes to this bug.