Description of problem: ctlinnd does not work in FC5 Version-Release number of selected component (if applicable): gklab-59-001:~# rpm -q selinux-policy-targeted inn selinux-policy-targeted-2.2.25-3.fc5 inn-2.4.2-4.2.1 How reproducible: Always Steps to Reproduce: 1. try: /usr/lib/news/bin/ctlinnd throttle '' with selinux enforcing 2. command hangs 3. try: /usr/lib/news/bin/ctlinnd throttle '' with selinux permissive 4. command works gklab-59-001:~# strace /usr/lib/news/bin/ctlinnd throttle '' execve("/usr/lib/news/bin/ctlinnd", ["/usr/lib/news/bin/ctlinnd", "throttle", ""], [/* 39 vars */]) = 0 ... ... kill(4414, SIG_0) = 0 sendto(3, "a\0!/var/run/news/ctlinndUQu4Rl\1r"..., 33, 0, {sa_family=AF_FILE, path="/var/run/news/control"}, 23) = 33 select(4, [3], NULL, NULL, {120, 0} ^^^^^^ Command hangs here gklab-59-001:~# ausearch -c innd ... ... ---- time->Tue Apr 11 08:39:29 2006 type=PATH msg=audit(1144737569.258:105): item=0 flags=1 inode=2427192 dev=fd:00 mode=0140777 ouid=0 ogid=0 rdev=00:00 type=SOCKETCALL msg=audit(1144737569.258:105): nargs=6 a0=e a1=8d2fdb0 a2=11 a3=0 a4=bfad916a a5=1d type=SOCKADDR msg=audit(1144737569.258:105): saddr=01002F7661722F72756E2F6E6577732F63746C696E6E6455517534526C type=AVC_PATH msg=audit(1144737569.258:105): path="/var/run/news/ctlinndUQu4Rl" type=SYSCALL msg=audit(1144737569.258:105): arch=40000003 syscall=102 success=no exit=-13 a0=b a1=bfad5100 a2=75da14 a3=11 items=1 pid=4414 auid=43270 uid=9 gid=13 euid=9 suid=9 fsuid=9 egid=13 sgid=13 fsgid=13 comm="innd" exe="/usr/lib/news/bin/innd" type=AVC msg=audit(1144737569.258:105): avc: denied { sendto } for pid=4414 comm="innd" name="ctlinndUQu4Rl" scontext=user_u:system_r:innd_t:s0 tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=unix_dgram_socket
Have to add transition rules from uncofined_t to innd_t, Have done this in rawhide policy and will back port it in one week. selinux-policy-2.2.38-2
Closing bugs