Bug 238317 - FC7 test4: SELinux is preventing /usr/sbin/grpconv (sysadm_passwd_t) "use" to /dev/console (init_t)
FC7 test4: SELinux is preventing /usr/sbin/grpconv (sysadm_passwd_t) "use" to...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-29 04:45 EDT by Jussi Torhonen
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-12 13:00:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jussi Torhonen 2007-04-29 04:45:44 EDT
Description of problem:
Installed FC7 test4 into a clean computer. After logging in SELinux claims about
promlems.


Version-Release number of selected component (if applicable):
selinux-policy-2.6.1-1.fc7
shadow-utils-4.0.18.1-13.fc7

How reproducible:
Every login I see this

Steps to Reproduce:
1. turn on computer
2. boot FC7 test4 upto runlevel 5
3. login
  
Actual results:
SELinux error message pops up

Expected results:
No suche errors

Additional info:
BTW, test4 is missing in Bugzilla's version field menu - please fix.

Here's what the troubleshooter says:

Summary
SELinux is preventing /usr/sbin/grpconv (sysadm_passwd_t) "use" to /dev/console
(init_t).

Detailed Description
SELinux denied access requested by /usr/sbin/grpconv. It is not expected that
this access is required by /usr/sbin/grpconv and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see FAQ Or you can
disable SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a bug report against this package.

Additional Information
Source Context:  system_u:system_r:sysadm_passwd_tTarget
Context:  system_u:system_r:init_t
Target Objects:  /dev/console [ fd ]
Affected RPM Packages:  shadow-utils-4.0.18.1-13.fc7 [application]
Policy RPM:  selinux-policy-2.6.1-1.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall
Host Name:  jt-gw-2
Platform:  Linux jt-gw-2 2.6.20-1.3104.fc7 #1 SMP Sat Apr 21 22:02:46 EDT 2007
x86_64 x86_64
Alert Count:  2
First Seen:  Fri 27 Apr 2007 07:08:17 PM EEST
Last Seen:  Fri 27 Apr 2007 07:08:17 PM EEST
Local ID:  d9d77fde-09b4-4f54-9a8d-56569bbcf37f
Line Numbers:  

Raw Audit Messages :

avc: denied { use } for comm="grpconv" dev=tmpfs egid=0 euid=0
exe="/usr/sbin/grpconv" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="console"
path="/dev/console" pid=3050 scontext=system_u:system_r:sysadm_passwd_t:s0
sgid=0 subj=system_u:system_r:sysadm_passwd_t:s0 suid=0 tclass=fd
tcontext=system_u:system_r:init_t:s0 tty=(none) uid=0
Comment 1 Daniel Walsh 2007-04-30 08:25:01 EDT
Fixed in selinux-policy-2.6.1-3.fc7
Comment 2 Daniel Walsh 2007-09-12 13:00:39 EDT
ALready fixed in rawhide

Note You need to log in before you can comment on or make changes to this bug.