This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 192640 - prelink related AVCs
prelink related AVCs
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-22 09:05 EDT by Dave Jones
Modified: 2015-01-04 17:27 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-06-15 18:31:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Dave Jones 2006-05-22 09:05:53 EDT
Found in dmesg this morning after the nightly prelink cronjob ran.

audit(1148290428.370:29187): avc:  denied  { execute_no_trans } for  pid=19836
comm="prelink" name="ld-2.4.90.so" dev=dm-0 ino=3047456
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file
audit(1148290494.895:29188): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="libhal.so.1.0.0.#prelink#.0DjAiV" dev=dm-0 ino=4723176
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file
audit(1148290494.999:29189): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="hald-probe-storage.#prelink#.TPu5zF" dev=dm-0 ino=4723211
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:bin_t:s0
tclass=file
audit(1148290504.112:29190): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="NetworkManager.#prelink#.jV8SvV" dev=dm-0 ino=4726209
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:NetworkManager_exec_t:s0 tclass=file
audit(1148290529.504:29191): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="run_init.#prelink#.Ye2DsA" dev=dm-0 ino=4739664
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:run_init_exec_t:s0 tclass=file
audit(1148290533.468:29192): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="sestatus.#prelink#.DAKgdq" dev=dm-0 ino=4735019
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:sbin_t:s0
tclass=file
audit(1148290536.400:29193): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="partprobe.#prelink#.PisfkL" dev=dm-0 ino=10223817
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:fsadm_exec_t:s0
tclass=file
audit(1148290537.960:29194): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="gdm-binary.#prelink#.0wi71Q" dev=dm-0 ino=4722173
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:xdm_exec_t:s0
tclass=file
audit(1148290538.768:29195): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="hal_lpadmin.#prelink#.moG6gj" dev=dm-0 ino=4741802
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:cupsd_config_exec_t:s0 tclass=file
audit(1148290552.692:29196): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="bluez-pin.#prelink#.eGCBDS" dev=dm-0 ino=4733169
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:bluetooth_helper_exec_t:s0 tclass=file
audit(1148290554.328:29197): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="libxpcom.so.#prelink#.ir2mUy" dev=dm-0 ino=5177716
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
audit(1148290564.385:29198): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="newrole.#prelink#.lQgGlb" dev=dm-0 ino=4734116
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:newrole_exec_t:s0 tclass=file
audit(1148290571.417:29199): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="open_init_pty.#prelink#.O2LHb7" dev=dm-0 ino=4737819
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
audit(1148290578.117:29200): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="hald.#prelink#.vpqKTX" dev=dm-0 ino=4737020
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:hald_exec_t:s0
tclass=file
audit(1148290581.165:29201): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="restorecond.#prelink#.fy56Ot" dev=dm-0 ino=4731120
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:restorecond_exec_t:s0 tclass=file
audit(1148290590.485:29202): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="restorecon.#prelink#.mnUeO4" dev=dm-0 ino=10223733
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:restorecon_exec_t:s0 tclass=file
audit(1148290596.349:29203): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="semodule.#prelink#.eHaP4O" dev=dm-0 ino=4739670
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:semanage_exec_t:s0 tclass=file
audit(1148290596.949:29204): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="load_policy.#prelink#.WpneGP" dev=dm-0 ino=4736656
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:load_policy_exec_t:s0 tclass=file
audit(1148290601.869:29205): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="hal.#prelink#.j2x4Lz" dev=dm-0 ino=6324372
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:cupsd_exec_t:s0
tclass=file
audit(1148290607.525:29206): avc:  denied  { relabelto } for  pid=19834
comm="prelink" name="setfiles.#prelink#.JVigrg" dev=dm-0 ino=4740219
scontext=user_u:system_r:prelink_t:s0
tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
Comment 1 Daniel Walsh 2006-05-23 14:35:53 EDT
Are you running the latest policy?  According to my machine all these rules
would be allowed, except for the first which is caused by a labeling 
ld-2.4.90.so should be labeled ld_so_t, If this is a 64 bit machine, this should
be fixed in tonights policy.

Dan
Comment 2 Dave Jones 2006-05-25 15:05:39 EDT
yes, that was latest policy, and yes, it was on x86-64.
Comment 3 Daniel Walsh 2006-06-15 18:31:21 EDT
Latest versions in Rawhide should fix this problem

Note You need to log in before you can comment on or make changes to this bug.