Red Hat Bugzilla – Bug 235942
Updatedb is getting SELinux avc denied message
Last modified: 2007-11-30 17:12:01 EST
Description of problem:
SETroubleshooter shows an avc message for updatedb as detailed in the
Version-Release number of selected component (if applicable):
Steps to Reproduce:
avc report as attached
no avc report
work1.private: rawhide of 2007-04-09 default install (no updates or extras yet)
Celeron(Coppermine) @600MHz MSI mobo VIA chipset 160MB Maxtor PATA drive
Trident video + ATI video (dual head) RTL NIC etc.
Created attachment 152184 [details]
Related to #234827 - updatedb needs to perform realpath() on all mount points.
Thus, at least lstat () should be allowed for _all possible_ mount point
contexts; if there is another mount point in the subtree, updatedb should have
the permission necessary to lookup the mount point path within the subtree.
Fixed in selinux-policy-2.6.4-4.fc7
Should be fixed in the current release