Bug 204176 - can't redirect stdout of dmidecode to a file
can't redirect stdout of dmidecode to a file
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-26 09:07 EDT by Andre Robatino
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: selinux-policy-2.3.7-3.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-16 10:51:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andre Robatino 2006-08-26 09:07:27 EDT
Description of problem:
  Running

dmidecode > dmidecode.txt

results in a 0-byte file, even though stdout is normal if one just runs
"dmidecode", and even though the above command results in nothing going to
stdout.  The output doesn't go anywhere, it just vanishes.

Version-Release number of selected component (if applicable):
dmidecode-2.7-1.23

How reproducible:
always

Steps to Reproduce:
1.  Run "dmidecode > dmidecode.txt" as root.
  
Actual results:
dmidecode.txt is a 0-byte file.

Expected results:
dmidecode.txt should contain what normally goes to stdout when one runs "dmidecode".
Comment 1 Andre Robatino 2006-08-26 09:36:28 EDT
  In /var/log/messages, when running "dmidecode > dmidecode.txt", I get

Aug 26 09:32:29 localhost kernel: audit(1156599149.690:8): avc:  denied  { write
} for  pid=7223 comm="dmidecode" name="dmidecode.txt" dev=dm-0 ino=11784984
scontext=user_u:system_r:dmidecode_t:s0 tcontext=user_u:object_r:user_home_t:s0
tclass=file

Does this mean it's an SELinux bug instead?  If so, please reassign.  Thanks.
Comment 2 Andre Robatino 2006-08-26 09:42:29 EDT
  Interestingly, "biosdecode" doesn't have this problem, though "vpddecode"
does.  I don't know if "ownership" has it since it has no output on my machine
anyway.
Comment 3 Daniel Walsh 2006-08-28 09:55:24 EDT
dmidecode should not be transitioned to by unconfined_t.  THis will be fixed in
the next released policy code.  For the time being you can trick it by executing

dmidecode | cat > dmidecode.txt
Comment 4 Andre Robatino 2006-08-28 11:16:29 EDT
  dmidecode, vpddecode, and ownership all generate the write denied message when
redirecting to a file, so make sure the policy code fixes all three (and thanks
for the workaround!).
Comment 5 Daniel Walsh 2006-08-28 12:48:45 EDT
Yes all files labeled dmidecode_exec_t will abide by the change.  SELinux does
not care about file names/paths, but file_context.  So ls -lZ
/usr/sbin/ownership shows it labeled dmidecode_exec_t so it will fallow this policy.
Comment 6 Daniel Walsh 2006-08-28 15:33:02 EDT
Fixed in selinux-policy-2.3.7-3.fc5
Comment 7 Andre Robatino 2006-10-25 05:57:30 EDT
  Don't think so.  Just checked that this problem still exists in FC6,
selinux-policy-2.3.18-10.
Comment 8 Daniel Walsh 2006-10-25 10:33:37 EDT
Check it against selinux-policy-2.4.1-3 which just went up for testing.
Comment 9 Andre Robatino 2006-10-26 06:31:12 EDT
  Appears fixed when using selinux-policy-2.4.1-3 and
selinux-policy-targeted-2.4.1-3.

Note You need to log in before you can comment on or make changes to this bug.