Bug 155849 - avc: denied { write } for name=rhgb-socket
Summary: avc: denied { write } for name=rhgb-socket
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-24 17:16 UTC by sangu
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: selinux-policy-targeted-1.23.18-2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-10 09:55:29 UTC
Type: ---


Attachments (Terms of Use)
dmesg in kernel-2.6.11-1.1268_FC4 (18.28 KB, text/plain)
2005-04-27 16:11 UTC, sangu
no flags Details

Description sangu 2005-04-24 17:16:02 UTC
Description of problem:
in dmesg
[...]
audit(1114306425.761:0): avc:  denied  { write } for  name=rhgb-socket dev=ramfs
ino=6052 scontext=system_u:system_r:init_t tcontext=system_u:object_r:ramfs_t
tclass=sock_file
[...]

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.12-4

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
rhgb-0.16.2-3 kernel-2.6.11-1.1261_FC4

Comment 1 Daniel Walsh 2005-04-26 19:47:51 UTC
Fixed in selinux-policy-*-1.23.13-3

Comment 2 sangu 2005-04-27 16:11:16 UTC
Created attachment 113721 [details]
dmesg in kernel-2.6.11-1.1268_FC4

After installing selinux-policy-*-1.23.13-3, audit error messages are changed
in dmesg.

[...]
audit(1114611219.454:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6990
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
[...]
audit(1114611242.177:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611242.753:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611242.905:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611243.042:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611252.611:0): avc:  denied  { connectto } for 
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t

Comment 3 Daniel Walsh 2005-04-27 16:51:09 UTC
restorecon -v /etc/fstab  
should clear most of them.

Dan

Comment 4 sangu 2005-04-27 17:07:43 UTC
Dan : thank your comments.

/etc/fstab problem is fixed.

$restorecon -v /etc/fstab

After rebooting

$dmesg | grep avc
audit(1114621106.443:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=7080
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
audit(1114621145.580:0): avc:  denied  { connectto } for 
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t tclass=unix_stream_socket


Comment 5 sangu 2005-05-04 10:43:27 UTC
in selinux-policy-targeted-1.23.14-2, kernel-2.6.11-1.1282_FC4

$ dmesg | grep avc
audit(1115168226.367:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6650
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
audit(1115168263.211:0): avc:  denied  { search } for  name=rhgb dev=hda8
ino=211872 scontext=system_u:system_r:init_t tcontext=system_u:object_r:mnt_t
tclass=dir



Note You need to log in before you can comment on or make changes to this bug.