208194 – Extra policy needed for amanda 2.5.1

Bug 208194 - Extra policy needed for amanda 2.5.1

Summary: Extra policy needed for amanda 2.5.1

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-09-26 21:37 UTC by Orion Poplawski
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-02-09 21:29:30 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Orion Poplawski 2006-09-26 21:37:23 UTC

Description of problem:

I'm starting to run amanda 2.5.1 because of problems introduce with releasing
tar 1.5.91 to FC5, which may cause 2.5.1 to be released for FC5.  I ran into the
following new avc denials which will need fixing:

audit(1159305833.612:1332): avc:  denied  { create } for  pid=16542
comm="amandad" name="amandad" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_log_t:s0 tclass=dir
audit(1159301717.351:195): avc:  denied  { create } for  pid=11723
comm="sendsize" name="client" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_log_t:s0 tclass=dir

amanda now creates directories in /var/log/amanda

I'll be doing a full run tonight.  We'll see if anything else pops up.

Version-Release number of selected component (if applicable):
selinux-policy-2.3.7-2.fc5

Comment 1 Daniel Walsh 2006-09-28 18:43:28 UTC

Fixed in selinux-policy-2.3.16-6

Comment 2 Orion Poplawski 2006-11-02 16:40:36 UTC

Some others showing up:

Nov  1 21:32:47 saga kernel: audit(1162441967.934:45): avc:  denied  { create }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:46): avc:  denied  { bind }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:47): avc:  denied  { getattr }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:48): avc:  denied  { write }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:49): avc:  denied  {
nlmsg_read } for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:50): avc:  denied  { read }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket

Comment 3 Orion Poplawski 2007-02-09 21:29:30 UTC

Not seeing any more messages with 2.5.1p1 and FC6.

Note You need to log in before you can comment on or make changes to this bug.