Bug 202803 - Errors with amanda: comm="amandad" name="noop" dev=dm-2 ino=67527 scontext=system_u:system_r:amanda_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
Summary: Errors with amanda: comm="amandad" name="noop" dev=dm-2 ino=67527 scontext=sy...
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-08-16 15:09 UTC by Orion Poplawski
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2006-08-24 20:43:01 UTC


Attachments (Terms of Use)

Description Orion Poplawski 2006-08-16 15:09:25 UTC
Description of problem:

Aug 15 21:00:04 aspen kernel: audit(1155697204.277:454): avc:  denied  {
execute_no_trans } for  pid=15632 comm="amandad" name="noop" dev=dm-2 ino=67527
scontext=system_u:system_r:amanda_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file
Aug 15 21:00:04 aspen amandad[15632]: could not exec service
/usr/lib/amanda/noop: Permission denied

/usr/lib/amanda/noop needs to be amanda_exec_t.  Perhaps the rules should be
everything in /usr/lib/amanda is amanda_exec_t except amandad which is
amanda_inetd_exec_t?

Version-Release number of selected component (if applicable):
selinux-policy-2.3.3-8.fc5

Comment 1 Orion Poplawski 2006-08-16 15:24:24 UTC
Well, looks like the server has more files, so the above suggestion isn't right,
but there are more unlabled files:

ls -Z /usr/lib/amanda
-rwxr-xr-x  amanda disk system_u:object_r:amanda_inetd_exec_t amandad
-rw-r--r--  amanda disk system_u:object_r:amanda_script_exec_t amcat.awk
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  amcleanupdisk
-rwxr-xr-x  amanda disk system_u:object_r:amanda_inetd_exec_t amidxtaped
-rwxr-xr-x  amanda disk system_u:object_r:amanda_inetd_exec_t amindexd
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  amlogroll
-rw-r--r--  amanda disk system_u:object_r:amanda_script_exec_t amplot.awk
-rw-r--r--  amanda disk system_u:object_r:amanda_script_exec_t amplot.g
-rw-r--r--  amanda disk system_u:object_r:amanda_script_exec_t amplot.gp
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  amtrmidx
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  amtrmlog
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  calcsize
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-chio
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-chs
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-disk
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-iomega
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-juke
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-manual
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-mcutil
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-mtx
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-multi
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-null
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-rait
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-rth
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-scsi
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-zd-mtx
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chunker
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  driver
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  dumper
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  killpgrp
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          noop
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  patch-system
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  planner
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  rundump
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  runtar
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  selfcheck
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  sendbackup
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  sendsize
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  taper
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  versionsuffix


Comment 2 Daniel Walsh 2006-08-22 13:42:55 UTC
Fixed in selinux-policy-2.3.7-2.fc5

Comment 3 Daniel Walsh 2006-08-22 14:20:04 UTC
Change to modified

Comment 4 Orion Poplawski 2006-08-24 20:43:01 UTC
confirmed.  thanks!


Note You need to log in before you can comment on or make changes to this bug.