Bug 169999 - avc: denied { create } for pid=8460 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Daniel Walsh
Keywords: Regression
Blocks: 168429

Reported: 2005-10-06 07:58 EDT by Peter Bieringer
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHBA-2006-0049
Doc Type: Bug Fix
Last Closed: 2006-03-07 13:11:37 EST


Description Peter Bieringer 2005-10-06 07:58:43 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

Description of problem:
The message above was found in the log.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.110

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to RHEL4U2
2. restart nscd
  

Actual Results:  log line:
audit(1128599883.598:7): avc:  denied  { create } for  pid=9407 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket


Expected Results:  No such log line


Additional info:

System is freshly relabeled.

BTW: the impact on the proper working of nscd is currently unknown, because the system is running in "permissive" state at the moment (digging into another issue...).
Comment 1 Peter Bieringer 2005-10-06 08:08:46 EDT
After a fresh load of the policy (changed a boolean to solve another problem),
the following occurs in the log:

audit(1128600569.610:43): avc:  denied  { write } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:44): avc:  denied  { nlmsg_relay } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:45): avc:  denied  { read } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
Comment 2 wilksen 2005-10-06 17:18:17 EDT
Confirmed here. This apparently also affects NetworkManager, which worked
correctly before upgrading to RHEL4 U2. I see the same audit logs
when starting NetworkManager.
Comment 3 Daniel Walsh 2005-10-07 16:50:57 EDT
Fixed in selinux-policy-targeted-1.17.30-2.113

Available for test at ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3
Comment 4 Shing-Shong Shei 2005-10-15 12:42:59 EDT
This is probably related to the SELinux policy change. I noticed the
following error in /var/log/messages:

---------------------
dbus: Can't send to audit system: USER_AVC pid=2711 uid=81 loginuid=-1 message=avc:  1 AV entries and 1/512 buckets used, longest chain length 1
---------------------

Users have complained that USB memory sticks stopped being automounted,
and here are the error messages:

---------------------
...
Oct 15 10:46:11 apiucf4 kernel: usb 5-1: new full speed USB device using address 2
Oct 15 10:46:13 apiucf4 kernel: Initializing USB Mass Storage driver...
Oct 15 10:46:13 apiucf4 kernel: scsi2 : SCSI emulation for USB Mass Storage devices
Oct 15 10:46:13 apiucf4 kernel:   Vendor: Generic   Model: PEN DISK          Rev: 7.78
Oct 15 10:46:13 apiucf4 kernel:   Type:   Direct-Access                      ANSI SCSI revision: 02
Oct 15 10:46:13 apiucf4 kernel: SCSI device sdc: 256000 512-byte hdwr sectors (131 MB)
Oct 15 10:46:13 apiucf4 kernel: sdc: assuming drive cache: write through
Oct 15 10:46:13 apiucf4 kernel:  sdc: sdc1
Oct 15 10:46:13 apiucf4 kernel: Attached scsi disk sdc at scsi2, channel 0, id 0, lun 0
Oct 15 10:46:13 apiucf4 kernel: usbcore: registered new driver usb-storage
Oct 15 10:46:13 apiucf4 kernel: USB Mass Storage support registered.
Oct 15 10:46:13 apiucf4 scsi.agent[4797]: disk at /devices/pci0000:00/0000:00:1d.3/usb5/5-1/5-1:1.0/host2/target2:0:0/2:0:0:0
Oct 15 10:46:14 apiucf4 fstab-sync[4856]: added mount point /media/PEN_DISK for /dev/sdc1
Oct 15 10:46:15 apiucf4 dbus: Can't send to audit system: USER_AVC pid=2824 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for  scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Oct 15 10:46:30 apiucf4 last message repeated 3 times
...
--------------------------

Thanks,
Bruce
Comment 5 Daniel Walsh 2005-10-15 13:00:01 EDT

*** This bug has been marked as a duplicate of 170064 ***
Comment 8 Red Hat Bugzilla 2006-03-07 13:11:37 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0049.html
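
The denials quoted in the description and in comments 1 and 4, grouped by source type, target type and object class so the full set of missing permissions is visible at once. This is an added triage example, not part of the original report and not the policy change shipped in selinux-policy-targeted-1.17.30-2.113 (which this page does not show); the function names are this example's own, and the rule strings are audit2allow-style summaries for review only.

```python
import re
from collections import defaultdict

# Constructed sample: log lines copied from this report, one record per line.
SAMPLE_LOG = """\
audit(1128599883.598:7): avc:  denied  { create } for  pid=9407 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:43): avc:  denied  { write } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:44): avc:  denied  { nlmsg_relay } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
audit(1128600569.610:45): avc:  denied  { read } for  pid=9408 comm="nscd" scontext=user_u:system_r:nscd_t tcontext=user_u:system_r:nscd_t tclass=netlink_audit_socket
dbus: Can't send to audit system: USER_AVC pid=2711 uid=81 loginuid=-1 message=avc:  1 AV entries and 1/512 buckets used, longest chain length 1
Oct 15 10:46:15 apiucf4 dbus: Can't send to audit system: USER_AVC pid=2824 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for  scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Oct 15 10:46:13 apiucf4 kernel: usbcore: registered new driver usb-storage
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denial(line):
    """Return the fields of a kernel AVC or userspace USER_AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None  # not a denial (e.g. the AVC cache statistics message)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"}.issubset(fields):
        return None  # truncated record: not enough to attribute the denial
    fields["perms"] = m.group(1).split()
    return fields

def type_of(context):
    """Extract the type from a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(log):
    """Map (source type, target type, class) -> sorted list of denied permissions."""
    grouped = defaultdict(set)
    for line in log.splitlines():
        d = parse_denial(line)
        if d:
            key = (type_of(d["scontext"]), type_of(d["tcontext"]), d["tclass"])
            grouped[key].update(d["perms"])
    return {k: sorted(v) for k, v in grouped.items()}

def as_rules(summary):
    """Render each group as an audit2allow-style rule string for human review."""
    return [f"allow {s} {'self' if s == t else t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE_LOG))))
```
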
