Bug 242204 - pam_console avcs after updating to f7
pam_console avcs after updating to f7
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-02 03:06 EDT by drago01
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-07 02:22:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description drago01 2007-06-02 03:06:03 EDT
Description of problem:

I updated my FC6 box to F7 and did a relabel after it to make sure that all
files are labeled correctly. But I still get this avcs:

audit(1180761094.595:10): avc:  denied  { getattr } for  pid=3095
comm="pam_console_app" name="parport2" dev=tmpfs ino=1796
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023
tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
audit(1180761094.595:11): avc:  denied  { getattr } for  pid=3095
comm="pam_console_app" name="parport3" dev=tmpfs ino=1797
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023
tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.6.4-8.fc7

How reproducible:

always

Steps to Reproduce:
1. boot
2. login
  
Actual results:

avcs

Expected results:

no avcs

Additional info:
audit2allow -d shows this:
#============= pam_console_t ==============
allow pam_console_t printer_device_t:chr_file getattr;
Comment 1 Daniel Walsh 2007-06-04 11:32:36 EDT
  Fixed in selinux-policy-2.6.4-13.fc7
Comment 2 drago01 2007-06-07 02:22:18 EDT
I can confirm that this fixes it; thx for the quick fix.

Note You need to log in before you can comment on or make changes to this bug.