Bug 166095 - kudzu was denied when moving modprobe.conf
kudzu was denied when moving modprobe.conf
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-16 17:18 EDT by Vladimir Kotal
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.25.4-10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-30 02:09:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
dmesg showing selinux targeted policy problem with kudzu (17.05 KB, text/plain)
2005-08-16 17:22 EDT, Vladimir Kotal
no flags Details

  None (edit)
Description Vladimir Kotal 2005-08-16 17:18:07 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
targeted policy does not allow kudzu to move modprobe.conf.
I have come along this problem when adding sound card to my computer. After rebooting with new sound card in, selinux messages appeared in dmesg. Luckily, the sound card worked even though kudzu was not allowed to complete the move.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.16-6, libselinux-1.23.10-2, kernel-2.6.12-1.1398_FC4, kudzu-1.1.116.2-2

How reproducible:
Didn't try

Steps to Reproduce:
1. add some hardware which results in kudzu manipulating modprobe.conf (e.g. sound card)
2. note selinux messages in dmesg
  

Actual Results:  following messages appeared in dmesg:

SELinux: initialized (dev hda1, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
kjournald starting.  Commit interval 5 seconds
EXT3 FS on sda1, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: initialized (dev sda1, type ext3), uses xattr
Adding 1048568k swap on /dev/VolGroup00/LogVol01.  Priority:-1 extents:1
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
audit(1124138219.994:3): avc:  denied  { rename } for  pid=1809 comm="kudzu" name="modprobe.conf" dev=dm-0 ino=2329782 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:modules_conf_t tclass=file
audit(1124138219.994:4): avc:  denied  { rename } for  pid=1809 comm="kudzu" name="modprobe.conf" dev=dm-0 ino=2329782 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:modules_conf_t tclass=file


Expected Results:  allow kudzu to rename modprobe.conf

Additional info:
Comment 1 Vladimir Kotal 2005-08-16 17:22:10 EDT
Created attachment 117812 [details]
dmesg showing selinux targeted policy problem with kudzu

For those interested, I am pasting the whole dmesg showing kudzu induced
selinux messages. (side note:there are also also some selinux dhclient-related
messages)
Comment 2 Daniel Walsh 2005-08-25 15:20:57 EDT
fixed in selinux-policy-targeted-1.25.4-10
Comment 3 Walter Justen 2005-08-30 02:09:55 EDT
Thanks for the bug report. This particular bug was fixed and a update package
was published for download. Please feel free to report any further bugs you find.

Note You need to log in before you can comment on or make changes to this bug.