244574 – ricci_mod_clusterd_t selinux policy prevents "use" access to /dev/null (rpm_script_t)

Bug 244574 - ricci_mod_clusterd_t selinux policy prevents "use" access to /dev/null (rpm_script_t)

Summary: ricci_mod_clusterd_t selinux policy prevents "use" access to /dev/null (rpm_s...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	conga
Sub Component:
Version:	5.0
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	Jim Parsons
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-17 15:09 UTC by Subhendu Ghosh
Modified:	2016-10-04 04:28 UTC (History)
CC List:	6 users (show)
Fixed In Version:	5.1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-01-18 18:55:40 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Subhendu Ghosh 2007-06-17 15:09:13 UTC

/sbin/modclusterd is trying to access /dev/null

Source Context:  root:system_r:ricci_modclusterd_t
Target Context:  root:system_r:rpm_script_t:SystemLow-SystemHigh
Target Objects:  /dev/null [ fd ]
Affected RPM Packages:  modcluster-0.9.2-6.el5 [application]
Policy RPM:  selinux-policy-2.4.6-30.el5
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  plugins.disable_trans
Host Name:  albany.sa.lga.redhat.com
Platform:  Linux albany.sa.lga.redhat.com 2.6.18-8.el5PAE #1 SMP Fri Jan 26
14:28:43 EST 2007 i686 i686
Alert Count:  1
Line Numbers:   

Raw Audit Messages :

avc: denied { use } for comm="modclusterd" dev=tmpfs egid=0 euid=0
exe="/usr/sbin/modclusterd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="null"
path="/dev/null" pid=8869 scontext=root:system_r:ricci_modclusterd_t:s0 sgid=0
subj=root:system_r:ricci_modclusterd_t:s0 suid=0 tclass=fd
tcontext=root:system_r:rpm_script_t:s0-s0:c0.c1023 tty=pts1 uid=0 


How reproducible:
Always-install conga on RHEL5

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:
work

Additional info:

Comment 1 Daniel Walsh 2007-06-18 15:25:49 UTC

This can be ignored.  The update should have succeeded even though this avc was
generated.  I will dontaudit this message in the future.

Fixed in selinux-policy-2.4.6-76.el5

Comment 2 Ryan McCabe 2008-01-18 18:55:40 UTC

Closing per comment #1

Note You need to log in before you can comment on or make changes to this bug.