Bug 202992 - avc: denied { unlink } for pid=26168 comm="prelink" name="pnmdepth" dev=dm-2 ino=34481 scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
avc: denied { unlink } for pid=26168 comm="prelink" name="pnmdepth" dev=dm...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-17 14:00 EDT by Orion Poplawski
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 2.4.5-4.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-14 17:13:47 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2006-08-17 14:00:27 EDT
Description of problem:

Just saw this once for the first time yesterday:

Aug 16 04:22:47 irimi kernel: audit(1155723767.543:270): avc:  denied  { unlink
} for  pid=26168 comm="prelink" name="pnmdepth" dev=dm-2 ino=34481
scontext=user_u:system_r:prelink_t:s0 tcontext=system_u:object_r:bin_t:s0
tclass=lnk_file

lrwxrwxrwx 1 root root 8 Aug 15 05:36 /usr/bin/pnmdepth -> pamdepth
lrwxrwxrwx  root root system_u:object_r:bin_t          /usr/bin/pnmdepth -> pamdepth

The netpbm package was updated the previous day:
Aug 15 05:34:53 Updated: netpbm.i386 10.34-1.fc5
Aug 15 05:37:09 Updated: netpbm-progs.i386 10.34-1.fc5
Aug 15 05:37:12 Updated: netpbm-devel.i386 10.34-1.fc5


Version-Release number of selected component (if applicable):
selinux-policy-2.3.3-8.fc5

How reproducible:
Can't yet.

Additional info:

Tried to reproduce this by running /etc/cron.daily/prelink by hand in a shell
and got several of these:

Aug 17 12:04:08 irimi kernel: audit(1155837848.339:271): avc:  denied  { read
write } for  pid=15386 comm="prelink" name="7" dev=devpts ino=9
scontext=root:system_r:prelink_t:s0-s0:c0.c255
tcontext=root:object_r:devpts_t:s0 tclass=chr_file
Comment 1 Daniel Walsh 2006-08-18 08:29:49 EDT
Fixed in selinux-policy-2.3.8-1
Comment 2 Orion Poplawski 2006-12-14 17:13:47 EST
Have not seen with 2.4.5-4.fc5

Note You need to log in before you can comment on or make changes to this bug.