239759 – AVC errors for hwclock when executed by init process.

Bug 239759 - AVC errors for hwclock when executed by init process.

Summary: AVC errors for hwclock when executed by init process.

Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	selinux-policy
Sub Component:	(Show other bugs)
Version:	5.0
Hardware:	All Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-05-11 02:38 UTC by Gurhan Ozen
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-05-14 18:06:19 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Gurhan Ozen 2007-05-11 02:38:56 UTC

Description of problem:

When executing the following commands:
hwclock --set --date "1/1/2000 00:00:00"
hwclock --utc --systohc

as init process, the following AVC errors are obtained:
type=SYSCALL msg=audit(1178819431.189:1845): arch=40000003 syscall=5 success=no
exit=-13 a0=90e2c48 a1=0 a2=40171ff4 a3=90e1a68 items=0 ppid=13457 pid=13460
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="hwclock" exe="/sbin/hwclock"
subj=system_u:system_r:hwclock_t:s0 key=(null)
type=AVC msg=audit(1178819431.189:1845): avc:  denied  { search } for  pid=13460
comm="hwclock" name="mnt" dev=dm-0 ino=16613377
scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:object_r:mnt_t:s0
tclass=dir


If those commands are run as root though, no errors are given. 


Version-Release number of selected component (if applicable):
RHEL5-GA

How reproducible:
Everytime

Steps to Reproduce:
1. Put those commands in a script, and place it in the /etc/rc3.d dir as a start
script.
2. reboot the machine
3.
  
Actual results:
AVC errors are thrown

Expected results:
No errors should be given.

Additional info:
You can run these in the rhts system... The test is
/kernel/security/audit/audit-test-1212

Comment 1 Gurhan Ozen 2007-05-11 18:19:02 UTC

Note that this does happen with the latest selinux-policy package
(selinux-policy-2.4.6-67.el5) package as well.

Comment 2 Daniel Walsh 2007-05-14 17:51:11 UTC

Why would hwclock be searching the mnt_t directory?

Comment 3 Jeff Burke 2007-05-14 18:06:19 UTC

This error is due to a failure in the loading of RHTS test policy.

Note You need to log in before you can comment on or make changes to this bug.