Bug 158871 - acpid socket mislabeled
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Daniel Walsh
Reported: 2005-05-26 10:05 EDT by Colin Walters
Modified: 2007-11-30 17:11 EST (History)
Last Closed: 2005-08-25 10:57:53 EDT
Description Colin Walters 2005-05-26 10:05:26 EDT
Description of problem:
type=AVC msg=audit(1117116099.329:241743): avc:  denied  { unlink } for name=acpid.socket dev=dm-0 ino=33694 scontext=root:system_r:apmd_t tcontext=system_u:object_r:var_run_t tclass=sock_file
type=PATH msg=audit(1117116099.329:241743): item=0 name="/var/run/acpid.socket" inode=32612 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1117116099.329:241743): syscall=10 arch=40000003 success=yes exit=0 a0=804af99 a1=2 a2=0 a3=400 items=1 pid=29536 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=acpid exe=/usr/sbin/acpid

Sometimes acpid doesn't start; looks like acpid.socket gets the wrong context.
This doesn't happen all of the time; actually it does seem to roughly correspond
with when I've 'yum update'd.  Perhaps it has something to do with policy upgrades?
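
Added example (not part of the original report, and not code from acpid or the SELinux tools): a Python script that groups the three audit records quoted above by their shared serial number and merges them into one triage summary of the denial. The function names and the GENERIC_TYPES set are assumptions made for illustration; LOG is the page's own log text re-joined to one record per line.

```python
import re
from collections import defaultdict

# Sample input: the three records from the report, one record per line.
LOG = """\
type=AVC msg=audit(1117116099.329:241743): avc:  denied  { unlink } for name=acpid.socket dev=dm-0 ino=33694 scontext=root:system_r:apmd_t tcontext=system_u:object_r:var_run_t tclass=sock_file
type=PATH msg=audit(1117116099.329:241743): item=0 name="/var/run/acpid.socket" inode=32612 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1117116099.329:241743): syscall=10 arch=40000003 success=yes exit=0 a0=804af99 a1=2 a2=0 a3=400 items=1 pid=29536 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=acpid exe=/usr/sbin/acpid
"""

HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
# Assumption: directory-default types that a daemon's own socket would not
# normally carry; adjust to the policy in use.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t"}

def events(log):
    """Group audit records by serial number: {serial: {record_type: fields}}."""
    out = defaultdict(dict)
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record
        rtype, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            fields["perms"] = p.group(1).split() if p else []
        out[int(serial)][rtype] = fields
    return dict(out)

def summarize(event):
    """Merge the AVC, PATH and SYSCALL records of one event for triage."""
    avc = event["AVC"]
    # Contexts are user:role:type, optionally followed by an MLS level.
    tgt_type = avc["tcontext"].split(":")[2]
    return {
        "exe": event.get("SYSCALL", {}).get("exe"),
        "path": event.get("PATH", {}).get("name", avc.get("name")),
        "perms": avc["perms"],
        "domain": avc["scontext"].split(":")[2],
        "target_type": tgt_type,
        "tclass": avc["tclass"],
        # True when the object carries a generic directory-default type.
        "generic_label": tgt_type in GENERIC_TYPES,
    }
```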
Comment 1 Daniel Walsh 2005-06-08 13:34:13 EDT
I don't see how this can happen, unless some unconfined_t process tried to run
acpid directly.  (No transition).

I checked the spec file and the initrc scripts.  They should all create the file
with the proper context.

Dan
Comment 2 Colin Walters 2005-06-13 14:47:54 EDT
Ok, we can close it I guess then; dunno.  If it happens again I'll try to track
it down.