205600 – avc: denied { rename } for pid=5838 comm="smbd" name="heliopsis.log" dev=dm-2 ino=95461 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_log_t:s0 tclass=file

Bug 205600 - avc: denied { rename } for pid=5838 comm="smbd" name="heliopsis.log" dev=dm-2 ino=95461 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_log_t:s0 tclass=file

Summary: avc: denied { rename } for pid=5838 comm="smbd" name="heliopsis.log" dev=d...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-09-07 15:19 UTC by Orion Poplawski
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-09-18 18:29:36 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Orion Poplawski 2006-09-07 15:19:38 UTC

Description of problem:

Got this in the logs:

Sep  6 12:34:42 saga kernel: audit(1157567682.363:129): avc:  denied  { rename }
for  pid=5024 comm="smbd" name="heliopsis.log" dev=dm-2 ino=95641
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_log_t:s0
tclass=file
Sep  6 12:34:42 saga kernel: audit(1157567682.363:130): avc:  denied  { unlink }
for  pid=5024 comm="smbd" name="heliopsis.log.old" dev=dm-2 ino=95636
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_log_t:s0
tclass=file
Sep  6 12:41:51 saga kernel: audit(1157568111.382:131): avc:  denied  { rename }
for  pid=5838 comm="smbd" name="heliopsis.log" dev=dm-2 ino=95461
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_log_t:s0
tclass=file
Sep  6 12:41:51 saga kernel: audit(1157568111.382:132): avc:  denied  { unlink }
for  pid=5838 comm="smbd" name="heliopsis.log.old" dev=dm-2 ino=95424
scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:samba_log_t:s0
tclass=file

Running in permissive mode.
Version-Release number of selected component (if applicable):
selinux-policy-2.3.7-2.fc5

Comment 1 Daniel Walsh 2006-09-18 18:29:36 UTC

Policy for samba says the following

allow smbd_t samba_log_t:dir { create ra_dir_perms setattr };
dontaudit smbd_t samba_log_t:dir remove_name;
allow smbd_t samba_log_t:file { create ra_file_perms };

I believe the remove_name dontaudit would have prevented the AVC messages that
you see.  So I would say this is the expected behaviour.

Note You need to log in before you can comment on or make changes to this bug.