Bug 238317 - FC7 test4: SELinux is preventing /usr/sbin/grpconv (sysadm_passwd_t) "use" to /dev/console (init_t)
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2007-04-29 08:45 UTC by Jussi Torhonen
Modified: 2007-11-30 22:12 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-09-12 17:00:39 UTC
Type: ---
Embargoed:



Description Jussi Torhonen 2007-04-29 08:45:44 UTC
Description of problem:
Installed FC7 test4 into a clean computer. After logging in, SELinux claims about
problems.


Version-Release number of selected component (if applicable):
selinux-policy-2.6.1-1.fc7
shadow-utils-4.0.18.1-13.fc7

How reproducible:
Every login I see this

Steps to Reproduce:
1. turn on computer
2. boot FC7 test4 up to runlevel 5
3. login
  
Actual results:
SELinux error message pops up

Expected results:
No such errors

Additional info:
BTW, test4 is missing in Bugzilla's version field menu - please fix.

Here's what the troubleshooter says:

Summary
SELinux is preventing /usr/sbin/grpconv (sysadm_passwd_t) "use" to /dev/console
(init_t).

Detailed Description
SELinux denied access requested by /usr/sbin/grpconv. It is not expected that
this access is required by /usr/sbin/grpconv and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see FAQ Or you can
disable SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a bug report against this package.

Additional Information
Source Context:  system_u:system_r:sysadm_passwd_t
Target Context:  system_u:system_r:init_t
Target Objects:  /dev/console [ fd ]
Affected RPM Packages:  shadow-utils-4.0.18.1-13.fc7 [application]
Policy RPM:  selinux-policy-2.6.1-1.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall
Host Name:  jt-gw-2
Platform:  Linux jt-gw-2 2.6.20-1.3104.fc7 #1 SMP Sat Apr 21 22:02:46 EDT 2007
x86_64 x86_64
Alert Count:  2
First Seen:  Fri 27 Apr 2007 07:08:17 PM EEST
Last Seen:  Fri 27 Apr 2007 07:08:17 PM EEST
Local ID:  d9d77fde-09b4-4f54-9a8d-56569bbcf37f
Line Numbers:  

Raw Audit Messages :

avc: denied { use } for comm="grpconv" dev=tmpfs egid=0 euid=0
exe="/usr/sbin/grpconv" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="console"
path="/dev/console" pid=3050 scontext=system_u:system_r:sysadm_passwd_t:s0
sgid=0 subj=system_u:system_r:sysadm_passwd_t:s0 suid=0 tclass=fd
tcontext=system_u:system_r:init_t:s0 tty=(none) uid=0
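
The raw audit message above carries every field a local policy module would be built from. As an added example (not part of the original report and not code from selinux-policy or setroubleshoot), this Python parses that record and derives the type-enforcement rule it corresponds to; the function names are hypothetical, and the rule is output for review, not a statement of what changed in selinux-policy-2.6.1-3.fc7.

```python
import re

# Raw audit message copied from the report above, line wraps included.
SAMPLE_AVC = """avc: denied { use } for comm="grpconv" dev=tmpfs egid=0 euid=0
exe="/usr/sbin/grpconv" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="console"
path="/dev/console" pid=3050 scontext=system_u:system_r:sysadm_passwd_t:s0
sgid=0 subj=system_u:system_r:sysadm_passwd_t:s0 suid=0 tclass=fd
tcontext=system_u:system_r:init_t:s0 tty=(none) uid=0"""

AVC_HEAD = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)", re.S)
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
REQUIRED = {"scontext", "tcontext", "tclass"}


def parse_avc(record):
    """Parse one AVC record; return None if it is not a complete AVC message."""
    m = AVC_HEAD.search(record)
    if not m:
        return None
    decision, perms, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    if not perms or not REQUIRED <= fields.keys():
        return None
    return {"decision": decision, "perms": perms.split(), "fields": fields}


def context_type(context):
    """Return the type from a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not a security context: {context!r}")
    return parts[2]


def allow_rule(avc):
    """Build the type-enforcement allow rule that matches a parsed denial."""
    f = avc["fields"]
    source = context_type(f["scontext"])
    target = context_type(f["tcontext"])
    if target == source:
        target = "self"  # policy language spells same-type access as "self"
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {source} {target}:{f['tclass']} {perm_text};"


if __name__ == "__main__":
    print(allow_rule(parse_avc(SAMPLE_AVC)))
```

The derived rule only restates the denial: class `fd` with permission `use` means grpconv was using a file descriptor opened by a process running as `init_t`. Whether that belongs in policy as an allow rule is a decision for whoever reviews the module before loading it.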

Comment 1 Daniel Walsh 2007-04-30 12:25:01 UTC
Fixed in selinux-policy-2.6.1-3.fc7

Comment 2 Daniel Walsh 2007-09-12 17:00:39 UTC
Already fixed in rawhide


