Bug 173682 - Denies access to fstab-sync and dbus-daemon
Denies access to fstab-sync and dbus-daemon
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2005-11-18 16:36 EST by Graham Campbell
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-05-05 10:22:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Graham Campbell 2005-11-18 16:36:47 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
audit.log reports denials to fstab-sync and dbus-daemon. See below for typical messages.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Use FC4 updated nightly via yum 
2.Install hal-0.5.2-2 and dbus-0.33-3.fc4.1
3.Plug in USB device
4. Check audit logs

Expected Results:  No denial errors for standard daemons.

Additional info:

From audit.log:
type=AVC msg=audit(1129489817.456:9): avc:  denied  { write } for  pid=1932 comm="fstab-sync" name="log" dev=tmpfs ino=4625 scontext=system_u:system_r:updfstab_t tcontext=system_u:object_r:device_t tclass=sock_file
type=AVC msg=audit(1129489817.456:9): avc:  denied  { sendto } for  pid=1932 comm="fstab-sync" name="log" scontext=system_u:system_r:updfstab_t tcontext=system_u:system_r:initrc_t tclass=unix_dgram_socket
type=SYSCALL msg=audit(1129489817.456:9): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfbc9ed0 a2=aacff4 a3=81c9c24 items=1 pid=1932 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="fstab-sync" exe="/usr/sbin/fstab-sync"
Comment 1 Daniel Walsh 2005-11-21 11:57:29 EST
This looks like this may be a hal/udev problem.  Why is /dev/log labeled
device_t.  It should be labeled devlog_t which is what udev is supposed to give it.

Comment 2 John Thacker 2006-05-05 10:22:14 EDT
Closing due to lack of response.

Note You need to log in before you can comment on or make changes to this bug.