Bug 156334 - rhgb denied by rhgb_t with mounton to /etc/rhgb/temp
Summary: rhgb denied by rhgb_t with mounton to /etc/rhgb/temp
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-29 00:11 UTC by Che Gonzalez
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-04-29 17:50:27 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Che Gonzalez 2005-04-29 00:11:04 UTC 
Description of problem:

At first, I thought of logging this bug in as an selinux bug since testing my
strict policy fails on the line "allow rhgb_t etc_t:dir mounton;".  However
after looking at the log entry below, I wondered if any process, other than some
remote workstation process, should have mounton anywhere near /etc.  

Apr 28 19:32:54 xix kernel: audit(1114716755.277:0): avc:  denied  { mounton }
for  path=/etc/rhgb/temp dev=dm-0 ino=17467378 scontext=system_u:system_r:rhgb_t
tcontext=system_u:object_r:etc_t tclass=dir

Version-Release number of selected component (if applicable):
rhgb-0.16.2-3

How reproducible:
On Boot

Steps to Reproduce:
1. Set selinux policy to strict and permissive
2. Reboot
3. See /var/log/messages for avc message of rhgb_t accessing /etc/rhgb/temp
  
Actual results:
rhgb_t attempts to access /etc/rhgb/temp

Expected results:
rhgb_t should access /tmp/rhgb

Additional info:
maybe a strict policy update is required for rhgb
Comment 1 David Zeuthen 2005-04-29 00:39:17 UTC 
Reassigned to selinux-policy-strict.
Comment 2 Daniel Walsh 2005-04-29 17:50:27 UTC 
/etc/rhgb/temp is mislabeled.  Should be mnt_t

restorecon -R -v /etc/rhgb
Note You need to log in before you can comment on or make changes to this bug.