Bug 202803 - Errors with amanda: comm="amandad" name="noop" dev=dm-2 ino=67527 scontext=system_u:system_r:amanda_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
Errors with amanda: comm="amandad" name="noop" dev=dm-2 ino=67527 scontext=sy...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-16 11:09 EDT by Orion Poplawski
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.3.7-2.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-24 16:43:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2006-08-16 11:09:25 EDT
Description of problem:

Aug 15 21:00:04 aspen kernel: audit(1155697204.277:454): avc:  denied  {
execute_no_trans } for  pid=15632 comm="amandad" name="noop" dev=dm-2 ino=67527
scontext=system_u:system_r:amanda_t:s0 tcontext=system_u:object_r:lib_t:s0
tclass=file
Aug 15 21:00:04 aspen amandad[15632]: could not exec service
/usr/lib/amanda/noop: Permission denied

/usr/lib/amanda/noop needs to be amanda_exec_t.  Perhaps the rules should be
everything in /usr/lib/amanda is amanda_exec_t except amandad which is
amanda_inetd_exec_t?

Version-Release number of selected component (if applicable):
selinux-policy-2.3.3-8.fc5
Comment 1 Orion Poplawski 2006-08-16 11:24:24 EDT
Well, looks like the server has more files, so the above suggestion isn't right,
but there are more unlabled files:

ls -Z /usr/lib/amanda
-rwxr-xr-x  amanda disk system_u:object_r:amanda_inetd_exec_t amandad
-rw-r--r--  amanda disk system_u:object_r:amanda_script_exec_t amcat.awk
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  amcleanupdisk
-rwxr-xr-x  amanda disk system_u:object_r:amanda_inetd_exec_t amidxtaped
-rwxr-xr-x  amanda disk system_u:object_r:amanda_inetd_exec_t amindexd
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  amlogroll
-rw-r--r--  amanda disk system_u:object_r:amanda_script_exec_t amplot.awk
-rw-r--r--  amanda disk system_u:object_r:amanda_script_exec_t amplot.g
-rw-r--r--  amanda disk system_u:object_r:amanda_script_exec_t amplot.gp
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  amtrmidx
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  amtrmlog
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  calcsize
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-chio
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-chs
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-disk
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-iomega
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-juke
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-manual
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-mcutil
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-mtx
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-multi
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-null
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chg-rait
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-rth
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-scsi
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  chg-zd-mtx
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          chunker
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  driver
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  dumper
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  killpgrp
-rwxr-xr-x  amanda disk system_u:object_r:lib_t          noop
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  patch-system
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  planner
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  rundump
-rwsr-x---  root   disk system_u:object_r:amanda_exec_t  runtar
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  selfcheck
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  sendbackup
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  sendsize
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  taper
-rwxr-xr-x  amanda disk system_u:object_r:amanda_exec_t  versionsuffix
Comment 2 Daniel Walsh 2006-08-22 09:42:55 EDT
Fixed in selinux-policy-2.3.7-2.fc5
Comment 3 Daniel Walsh 2006-08-22 10:20:04 EDT
Change to modified
Comment 4 Orion Poplawski 2006-08-24 16:43:01 EDT
confirmed.  thanks!

Note You need to log in before you can comment on or make changes to this bug.