Bug 237391 - AVC on boot: accessing /etc/audit
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2007-04-21 19:51 UTC by Tom London
Modified: 2007-11-30 22:12 UTC (History)
Last Closed: 2007-04-24 16:18:29 UTC

Description Tom London 2007-04-21 19:51:19 UTC
Description of problem:
Get this (in /var/log/messages) booting latest rawhide:

Apr 21 09:35:55 localhost kernel: audit(1177173338.205:7): avc:  denied  { search } for  pid=1759 comm="readahead" name="audit" dev=dm-0 ino=11076215 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir

/etc/readahead.d/early.sorted has:

448 /etc/audit/auditd.conf


Version-Release number of selected component (if applicable):
readahead-1.4.1-2.fc7

How reproducible:
every time

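The denial quoted in the description, decoded field by field, as an added example that is not part of the original report. The function names and the inline sample (the reported log line joined onto one line) are constructed for illustration; the rule text is the type-enforcement rule that the denied access corresponds to.

```python
import re

# Constructed sample: the denial from this report, joined onto one line.
SAMPLE = (
    'Apr 21 09:35:55 localhost kernel: audit(1177173338.205:7): avc:  denied  '
    '{ search } for  pid=1759 comm="readahead" name="audit" dev=dm-0 '
    'ino=11076215 scontext=system_u:system_r:readahead_t:s0 '
    'tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir'
)

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ('scontext', 'tcontext', 'tclass')


def parse_avc(text):
    """Parse one AVC message; return a dict, or None if it is not a full AVC.

    Whitespace is collapsed first, so a record that was hard-wrapped when
    pasted into a bug report parses the same as the original log line.
    """
    match = AVC_RE.search(' '.join(text.split()))
    if not match:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group('fields'))}
    if any(key not in rec for key in REQUIRED):
        return None  # truncated record: not enough to name the access
    rec['result'] = match.group('result')
    rec['perms'] = match.group('perms').split()
    # A context is user:role:type[:level]; the type is the third field.
    for side in ('scontext', 'tcontext'):
        parts = rec[side].split(':')
        if len(parts) < 3:
            return None
        rec[side + '_type'] = parts[2]
    return rec


def allow_rule(rec):
    """Render the access named by the record as a type-enforcement rule."""
    perms = rec['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        rec['scontext_type'], rec['tcontext_type'], rec['tclass'], perm_text)


if __name__ == '__main__':
    print(allow_rule(parse_avc(SAMPLE)))
```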

Comment 1 Karel Zak 2007-04-23 12:13:04 UTC
Hmm... the readahead should be able to read all files that the system uses during boot.

Note there are a few files (like /var/lib/random-seed) that will be removed from
the default readahead lists in the next update, because these files are from
very early boot time (time before /etc/init.d/readahead_early execution).

But the file /etc/audit/auditd.conf definitely belongs to the readahead list.

Comment 2 Tom London 2007-04-24 16:09:47 UTC
Seems to be gone with selinux-policy-targeted-2.6.1-1.fc7

Didn't see anything in the changelog.

Close?

Comment 3 Daniel Walsh 2007-04-24 16:18:29 UTC
Sorry, must have missed this change.

