Bug 242204 - pam_console avcs after updating to f7
Summary: pam_console avcs after updating to f7
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
(Show other bugs)
Version: 7
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-02 07:06 UTC by drago01
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-07 06:22:18 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description drago01 2007-06-02 07:06:03 UTC
Description of problem:

I updated my FC6 box to F7 and did a relabel after it to make sure that all
files are labeled correctly. But I still get this avcs:

audit(1180761094.595:10): avc:  denied  { getattr } for  pid=3095
comm="pam_console_app" name="parport2" dev=tmpfs ino=1796
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023
tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
audit(1180761094.595:11): avc:  denied  { getattr } for  pid=3095
comm="pam_console_app" name="parport3" dev=tmpfs ino=1797
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023
tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.6.4-8.fc7

How reproducible:

always

Steps to Reproduce:
1. boot
2. login
  
Actual results:

avcs

Expected results:

no avcs

Additional info:
audit2allow -d shows this:
#============= pam_console_t ==============
allow pam_console_t printer_device_t:chr_file getattr;

Comment 1 Daniel Walsh 2007-06-04 15:32:36 UTC
  Fixed in selinux-policy-2.6.4-13.fc7

Comment 2 drago01 2007-06-07 06:22:18 UTC
I can confirm that this fixes it; thx for the quick fix.


Note You need to log in before you can comment on or make changes to this bug.