Bug 235942 - Updatedb is getting SELinux avc denied message
Summary: Updatedb is getting SELinux avc denied message
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-04-10 22:24 UTC by G.Wolfe Woodbury
Modified: 2007-11-30 22:12 UTC (History)
1 user (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-22 14:16:19 UTC


Attachments (Terms of Use)
SETroubleshooter report (2.31 KB, text/plain)
2007-04-10 22:24 UTC, G.Wolfe Woodbury
no flags Details

Description G.Wolfe Woodbury 2007-04-10 22:24:27 UTC
Description of problem:
    SETroubleshooter shows an avc message for updatedb as detailed in the
attached report.


Version-Release number of selected component (if applicable):
    mlocate-0.16
    selinux-policy-targeted-2.5.11-5


How reproducible:
    unknown


Steps to Reproduce:
1.
2.
3.
  
Actual results:
    avc report as attached

Expected results:
    no avc report

Additional info:
work1.private: rawhide of 2007-04-09 default install (no updates or extras yet)
  Celeron(Coppermine) @600MHz   MSI mobo VIA chipset  160MB Maxtor PATA drive
  Trident video + ATI video (dual head)   RTL NIC  etc.

Comment 1 G.Wolfe Woodbury 2007-04-10 22:24:27 UTC
Created attachment 152184 [details]
SETroubleshooter report

Comment 2 Miloslav Trmač 2007-04-10 22:35:29 UTC
Related to #234827 - updatedb needs to perform realpath() on all mount points. 
Thus, at least lstat () should be allowed for _all possible_ mount point
contexts; if there is another mount point in the subtree, updatedb should have
the permission necessary to lookup the mount point path within the subtree.

Comment 3 Daniel Walsh 2007-05-17 15:46:07 UTC
Fixed in selinux-policy-2.6.4-4.fc7

Comment 4 Daniel Walsh 2007-08-22 14:16:19 UTC
Should be fixed in the current release



Note You need to log in before you can comment on or make changes to this bug.