Bug 155849 - avc: denied { write } for name=rhgb-socket
avc: denied { write } for name=rhgb-socket
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-24 13:16 EDT by sangu
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: selinux-policy-targeted-1.23.18-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-10 05:55:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
dmesg in kernel-2.6.11-1.1268_FC4 (18.28 KB, text/plain)
2005-04-27 12:11 EDT, sangu
no flags Details

  None (edit)
Description sangu 2005-04-24 13:16:02 EDT
Description of problem:
in dmesg
[...]
audit(1114306425.761:0): avc:  denied  { write } for  name=rhgb-socket dev=ramfs
ino=6052 scontext=system_u:system_r:init_t tcontext=system_u:object_r:ramfs_t
tclass=sock_file
[...]

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.12-4

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
rhgb-0.16.2-3 kernel-2.6.11-1.1261_FC4
Comment 1 Daniel Walsh 2005-04-26 15:47:51 EDT
Fixed in selinux-policy-*-1.23.13-3
Comment 2 sangu 2005-04-27 12:11:16 EDT
Created attachment 113721 [details]
dmesg in kernel-2.6.11-1.1268_FC4

After installing selinux-policy-*-1.23.13-3, audit error messages are changed
in dmesg.

[...]
audit(1114611219.454:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6990
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
[...]
audit(1114611242.177:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611242.753:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611242.905:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611243.042:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611252.611:0): avc:  denied  { connectto } for 
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t
Comment 3 Daniel Walsh 2005-04-27 12:51:09 EDT
restorecon -v /etc/fstab  
should clear most of them.

Dan
Comment 4 sangu 2005-04-27 13:07:43 EDT
Dan : thank your comments.

/etc/fstab problem is fixed.

$restorecon -v /etc/fstab

After rebooting

$dmesg | grep avc
audit(1114621106.443:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=7080
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
audit(1114621145.580:0): avc:  denied  { connectto } for 
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t tclass=unix_stream_socket
Comment 5 sangu 2005-05-04 06:43:27 EDT
in selinux-policy-targeted-1.23.14-2, kernel-2.6.11-1.1282_FC4

$ dmesg | grep avc
audit(1115168226.367:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6650
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
audit(1115168263.211:0): avc:  denied  { search } for  name=rhgb dev=hda8
ino=211872 scontext=system_u:system_r:init_t tcontext=system_u:object_r:mnt_t
tclass=dir

Note You need to log in before you can comment on or make changes to this bug.