Bug 169999 - avc: denied { create } for pid=8460 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
Summary: avc: denied { create } for pid=8460 comm="nscd" scontext=user_u:system_r:n...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted   
(Show other bugs)
Version: 4.0
Hardware: All Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords: Regression
Depends On:
Blocks: 168429
TreeView+ depends on / blocked
 
Reported: 2005-10-06 11:58 UTC by Peter Bieringer
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHBA-2006-0049
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-07 18:11:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0049 qe-ready SHIPPED_LIVE selinux-policy bug fix update 2006-03-06 05:00:00 UTC

Description Peter Bieringer 2005-10-06 11:58:43 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

Description of problem:
Upper message was found in log

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.110

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to RHEL4U2
2. restart nscd
  

Actual Results:  log line:
audit(1128599883.598:7): avc:  denied  { create } for  pid=9407 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket


Expected Results:  No such log line


Additional info:

System is fresh relabeled.

BTW: impact to proper work of nscd is currently unknown, because system is running in state "permissive" at the moment (digging into another issue...).

Comment 1 Peter Bieringer 2005-10-06 12:08:46 UTC
After fresh loadin of policy (changed a boolean to solve another problem),
following occurs in log:

audit(1128600569.610:43): avc:  denied  { write } for  pid=9408 comm="nscd"
scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t
tclass=netlink_audit_socket
audit(1128600569.610:44): avc:  denied  { nlmsg_relay } for  pid=9408
comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t
tclass=netlink_audit_socket
audit(1128600569.610:45): avc:  denied  { read } for  pid=9408 comm="nscd"
scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t
tclass=netlink_audit_socket


Comment 2 wilksen 2005-10-06 21:18:17 UTC
Confirmed here. This apparently affects also NetworkManager working correctly
which did function before upgrading to RHEL4 U2. I do see the same audit logs
when starting NetworkManager. 

Comment 3 Daniel Walsh 2005-10-07 20:50:57 UTC
Fixed in selinux-policy-targeted-1.17.30-2.113

Available for test at ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3

Comment 4 Shing-Shong Shei 2005-10-15 16:42:59 UTC
This is probably related to the selinux policy change, I noticed the
following error in /var/log/messages:

---------------------
dbus: Can't send to audit system: USER_AVC pid=2711 uid=81 loginuid=-1
message=avc:  1 AV entries and 1/512 buckets used, longest chain length 1
---------------------

Users have complained that USB memory stick stopped being automounted
and here is the error messages:

---------------------
...
Oct 15 10:46:11 apiucf4 kernel: usb 5-1: new full speed USB device using address 2
Oct 15 10:46:13 apiucf4 kernel: Initializing USB Mass Storage driver...
Oct 15 10:46:13 apiucf4 kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Oct 15 10:46:13 apiucf4 kernel:   Vendor: Generic   Model: PEN DISK         
Rev: 7.78
Oct 15 10:46:13 apiucf4 kernel:   Type:   Direct-Access                     
ANSI SCSI revision: 02
Oct 15 10:46:13 apiucf4 kernel: SCSI device sdc: 256000 512-byte hdwr sectors
(131 MB)
Oct 15 10:46:13 apiucf4 kernel: sdc: assuming drive cache: write through
Oct 15 10:46:13 apiucf4 kernel:  sdc: sdc1
Oct 15 10:46:13 apiucf4 kernel: Attached scsi disk sdc at scsi2, channel 0, id
0, lun 0
Oct 15 10:46:13 apiucf4 kernel: usbcore: registered new driver usb-storage
Oct 15 10:46:13 apiucf4 kernel: USB Mass Storage support registered.
Oct 15 10:46:13 apiucf4 scsi.agent[4797]: disk at
/devices/pci0000:00/0000:00:1d.3/usb5/5-1/5-1:1.0/host2/target2:0:0/2:0:0:0
Oct 15 10:46:14 apiucf4 fstab-sync[4856]: added mount point /media/PEN_DISK for
/dev/sdc1
Oct 15 10:46:15 apiucf4 dbus: Can't send to audit system: USER_AVC pid=2824
uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
 scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Oct 15 10:46:30 apiucf4 last message repeated 3 times
...
--------------------------

Thanks,
Bruce

Comment 5 Daniel Walsh 2005-10-15 17:00:01 UTC

*** This bug has been marked as a duplicate of 170064 ***

Comment 8 Red Hat Bugzilla 2006-03-07 18:11:37 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0049.html



Note You need to log in before you can comment on or make changes to this bug.