Bug 188558 - ctlinnd does not work in FC5
ctlinnd does not work in FC5
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
5
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-11 02:39 EDT by Tomasz Kepczynski
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-28 16:06:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomasz Kepczynski 2006-04-11 02:39:39 EDT
Description of problem:
ctlinnd does not work in FC5

Version-Release number of selected component (if applicable):
gklab-59-001:~# rpm -q selinux-policy-targeted inn
selinux-policy-targeted-2.2.25-3.fc5
inn-2.4.2-4.2.1

How reproducible:
Always


Steps to Reproduce:
1. try: /usr/lib/news/bin/ctlinnd throttle '' with selinux enforcing
2. command hangs
3. try: /usr/lib/news/bin/ctlinnd throttle '' with selinux permissive
4. command works

gklab-59-001:~# strace /usr/lib/news/bin/ctlinnd throttle ''
execve("/usr/lib/news/bin/ctlinnd", ["/usr/lib/news/bin/ctlinnd", "throttle",
""], [/* 39 vars */]) = 0
...
...
kill(4414, SIG_0)                       = 0
sendto(3, "a\0!/var/run/news/ctlinndUQu4Rl\1r"..., 33, 0, {sa_family=AF_FILE,
path="/var/run/news/control"}, 23) = 33
select(4, [3], NULL, NULL, {120, 0}
^^^^^^ Command hangs here

gklab-59-001:~# ausearch -c innd
...
...
----
time->Tue Apr 11 08:39:29 2006
type=PATH msg=audit(1144737569.258:105): item=0 flags=1  inode=2427192 dev=fd:00
mode=0140777 ouid=0 ogid=0 rdev=00:00
type=SOCKETCALL msg=audit(1144737569.258:105): nargs=6 a0=e a1=8d2fdb0 a2=11
a3=0 a4=bfad916a a5=1d
type=SOCKADDR msg=audit(1144737569.258:105):
saddr=01002F7661722F72756E2F6E6577732F63746C696E6E6455517534526C
type=AVC_PATH msg=audit(1144737569.258:105):  path="/var/run/news/ctlinndUQu4Rl"
type=SYSCALL msg=audit(1144737569.258:105): arch=40000003 syscall=102 success=no
exit=-13 a0=b a1=bfad5100 a2=75da14 a3=11 items=1 pid=4414 auid=43270 uid=9
gid=13 euid=9 suid=9 fsuid=9 egid=13 sgid=13 fsgid=13 comm="innd"
exe="/usr/lib/news/bin/innd"
type=AVC msg=audit(1144737569.258:105): avc:  denied  { sendto } for  pid=4414
comm="innd" name="ctlinndUQu4Rl" scontext=user_u:system_r:innd_t:s0
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=unix_dgram_socket
Comment 2 Daniel Walsh 2006-05-09 12:59:08 EDT
Have to add transition rules from uncofined_t to innd_t,  Have done this in
rawhide policy and will back port it in one week.

selinux-policy-2.2.38-2
Comment 3 Daniel Walsh 2007-03-28 16:06:29 EDT
Closing bugs

Note You need to log in before you can comment on or make changes to this bug.