1858738 – passwd causes AVC

Bug 1858738 - passwd causes AVC

Summary: passwd causes AVC

Keywords:
Status:	CLOSED DUPLICATE of bug 1853730
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Zdenek Pytela
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-20 09:13 UTC by Ondrej Mejzlik
Modified:	2020-07-20 13:56 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-07-20 13:56:34 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ondrej Mejzlik 2020-07-20 09:13:08 UTC

Description of problem:
The passwd command causes AVC error when running sanity test for vsftpd on rawhide fc33.

Version-Release number of selected component (if applicable):
selinux-policy-3.14.6-20.fc33.noarch

How reproducible:
Always

Steps to Reproduce:
1. Schedule /CoreOS/vsftpd/Sanity/bz641239-RFE-vsftpd-can-not-handle-square-brackets-in-ls on fc33 in Beaker

Actual results:
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
selinux-policy-3.14.6-20.fc33.noarch
----
time->Mon Jul 20 04:32:28 2020
type=AVC msg=audit(1595233948.542:198): avc:  denied  { getattr } for  pid=2729 comm="passwd" name="/" dev="proc" ino=1 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=0
----
time->Mon Jul 20 04:32:28 2020
type=AVC msg=audit(1595233948.594:199): avc:  denied  { getattr } for  pid=2730 comm="passwd" name="/" dev="proc" ino=1 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=0
----
time->Mon Jul 20 04:32:28 2020
type=AVC msg=audit(1595233948.713:200): avc:  denied  { getattr } for  pid=2738 comm="passwd" name="/" dev="proc" ino=1 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=0

Expected results:
No AVC error

Additional info:
The error was not there in selinux-policy-3.14.6-15.fc33.noarch

Comment 2 Zdenek Pytela 2020-07-20 13:56:34 UTC

Likely a result of glibc or other library change.

*** This bug has been marked as a duplicate of bug 1853730 ***

Note You need to log in before you can comment on or make changes to this bug.