242854 – SELinux denial with updatedb on new F7 install

Bug 242854 - SELinux denial with updatedb on new F7 install

Summary: SELinux denial with updatedb on new F7 install

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	7
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-06 04:45 UTC by vfiend
Modified:	2007-11-30 22:12 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-06-11 23:54:16 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description vfiend 2007-06-06 04:45:49 UTC

Summary
    SELinux is preventing /usr/bin/updatedb (locate_t) "getattr" to
    /proc/fs/vmblock/mountPoint (unlabeled_t).

...

Additional Information        

Source Context                system_u:system_r:locate_t
Target Context                system_u:object_r:unlabeled_t
Target Objects                /proc/fs/vmblock/mountPoint [ dir ]
Affected RPM Packages         mlocate-0.16-1 [application]
Policy RPM                    selinux-policy-2.6.4-8.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     monolith
Platform                      Linux monolith 2.6.21-1.3194.fc7 #1 SMP Wed May 23
                              22:47:07 EDT 2007 x86_64 x86_64
Alert Count                   2
First Seen                    Tue 05 Jun 2007 04:57:53 AM PDT
Last Seen                     Tue 05 Jun 2007 04:58:15 AM PDT
Local ID                      4b9a25ac-0859-461d-941f-ed8ae0ef5323
Line Numbers                  

Raw Audit Messages            

avc: denied { getattr } for comm="updatedb" dev=vmblock egid=0 euid=0
exe="/usr/bin/updatedb" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/"
path="/proc/fs/vmblock/mountPoint" pid=5082
scontext=system_u:system_r:locate_t:s0 sgid=0 subj=system_u:system_r:locate_t:s0
suid=0 tclass=dir tcontext=system_u:object_r:unlabeled_t:s0 tty=(none) uid=0

Comment 1 vfiend 2007-06-09 09:14:22 UTC

Hmm, hasn't happened since the first night's cron jobs after the install.

Comment 2 vfiend 2007-06-11 23:54:16 UTC

closed for same reason as bug 242853 was

Note You need to log in before you can comment on or make changes to this bug.