Bug 236448 - Multiple denies during software upgrade
Multiple denies during software upgrade
Product: Fedora
Classification: Fedora
Component: pirut (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Depends On:
  Show dependency treegraph
Reported: 2007-04-14 07:15 EDT by Michael De La Rue
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-05-29 14:17:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
audit denies during today (12.30 KB, text/plain)
2007-04-14 07:15 EDT, Michael De La Rue
no flags Details
exerpt of /var/log/messages (slightly filtered) (3.60 KB, text/plain)
2007-04-14 07:16 EDT, Michael De La Rue
no flags Details
update history for packages updated during problem. (9.50 KB, text/plain)
2007-04-14 07:17 EDT, Michael De La Rue
no flags Details

  None (edit)
Description Michael De La Rue 2007-04-14 07:15:14 EDT
Description of problem:
During a software upgrade driven by pup, I had multiple AVC denies.  These
included denies on running restorecon, so I suspect that the system state became

The following packages caused alerts
policycoreutils-1.34.1-4.fc6 (due to update of selinux-policy-targeted.noarch?)

Version-Release number of selected component (if applicable):

How reproducible:
Happened once so far.  Reproduction not attempted since it would be a big job.

Steps to Reproduce:
1. pup says there are software updates, say yes
Actual results:
during software updates there are four AVC denies.

Expected results:
software installs silently and correctly

Additional info:
Comment 1 Michael De La Rue 2007-04-14 07:15:15 EDT
Created attachment 152607 [details]
audit denies during today
Comment 2 Michael De La Rue 2007-04-14 07:16:24 EDT
Created attachment 152608 [details]
exerpt of /var/log/messages (slightly filtered)
Comment 3 Michael De La Rue 2007-04-14 07:17:18 EDT
Created attachment 152609 [details]
update history for packages updated during problem.
Comment 4 Daniel Walsh 2007-04-16 10:18:36 EDT
These are leaked file descriptors by pup/rpm, or what ever tool you were using
to update.  Luckily they do not effect the update.  Any app that execs other
apps should make sure that all file descriptors are closed before the exec. 
SELinux checks all open file descriptors for access before running a confined
app, which triggers these avc messages.  After the denial, the kernel closes the
file descriptors and continues the application.

Changing this bug to pirut
Comment 5 Jeremy Katz 2007-04-16 10:39:54 EDT
Do you just see this with pup or do you also see it with just using yum?  I
can't think of anything which would be pup specific here.
Comment 6 Michael De La Rue 2007-05-27 09:09:48 EDT
It was a one off thing and hasn't repeated.  I have run yum directly and have
never seen such a thing again.  

Note You need to log in before you can comment on or make changes to this bug.