235942 – Updatedb is getting SELinux avc denied message

Bug 235942 - Updatedb is getting SELinux avc denied message

Summary: Updatedb is getting SELinux avc denied message

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-04-10 22:24 UTC by G.Wolfe Woodbury
Modified:	2007-11-30 22:12 UTC (History)
CC List:	1 user (show)
Fixed In Version:	Current
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-08-22 14:16:19 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
SETroubleshooter report (2.31 KB, text/plain) 2007-04-10 22:24 UTC, G.Wolfe Woodbury	no flags	Details
View All

Description G.Wolfe Woodbury 2007-04-10 22:24:27 UTC

Description of problem:
    SETroubleshooter shows an avc message for updatedb as detailed in the
attached report.


Version-Release number of selected component (if applicable):
    mlocate-0.16
    selinux-policy-targeted-2.5.11-5


How reproducible:
    unknown


Steps to Reproduce:
1.
2.
3.
  
Actual results:
    avc report as attached

Expected results:
    no avc report

Additional info:
work1.private: rawhide of 2007-04-09 default install (no updates or extras yet)
  Celeron(Coppermine) @600MHz   MSI mobo VIA chipset  160MB Maxtor PATA drive
  Trident video + ATI video (dual head)   RTL NIC  etc.

Comment 1 G.Wolfe Woodbury 2007-04-10 22:24:27 UTC

Created attachment 152184 [details]
SETroubleshooter report

Comment 2 Miloslav Trmač 2007-04-10 22:35:29 UTC

Related to #234827 - updatedb needs to perform realpath() on all mount points. 
Thus, at least lstat () should be allowed for _all possible_ mount point
contexts; if there is another mount point in the subtree, updatedb should have
the permission necessary to lookup the mount point path within the subtree.

Comment 3 Daniel Walsh 2007-05-17 15:46:07 UTC

Fixed in selinux-policy-2.6.4-4.fc7

Comment 4 Daniel Walsh 2007-08-22 14:16:19 UTC

Should be fixed in the current release

Note You need to log in before you can comment on or make changes to this bug.