Bug 244574 - ricci_mod_clusterd_t selinux policy prevents "use" access to /dev/null (rpm_script_t)
ricci_mod_clusterd_t selinux policy prevents "use" access to /dev/null (rpm_s...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: conga (Show other bugs)
5.0
All Linux
low Severity low
: ---
: ---
Assigned To: Jim Parsons
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-17 11:09 EDT by Subhendu Ghosh
Modified: 2009-04-16 18:54 EDT (History)
5 users (show)

See Also:
Fixed In Version: 5.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-18 13:55:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Subhendu Ghosh 2007-06-17 11:09:13 EDT
/sbin/modclusterd is trying to access /dev/null

Source Context:  root:system_r:ricci_modclusterd_t
Target Context:  root:system_r:rpm_script_t:SystemLow-SystemHigh
Target Objects:  /dev/null [ fd ]
Affected RPM Packages:  modcluster-0.9.2-6.el5 [application]
Policy RPM:  selinux-policy-2.4.6-30.el5
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  plugins.disable_trans
Host Name:  albany.sa.lga.redhat.com
Platform:  Linux albany.sa.lga.redhat.com 2.6.18-8.el5PAE #1 SMP Fri Jan 26
14:28:43 EST 2007 i686 i686
Alert Count:  1
Line Numbers:   

Raw Audit Messages :

avc: denied { use } for comm="modclusterd" dev=tmpfs egid=0 euid=0
exe="/usr/sbin/modclusterd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="null"
path="/dev/null" pid=8869 scontext=root:system_r:ricci_modclusterd_t:s0 sgid=0
subj=root:system_r:ricci_modclusterd_t:s0 suid=0 tclass=fd
tcontext=root:system_r:rpm_script_t:s0-s0:c0.c1023 tty=pts1 uid=0 


How reproducible:
Always-install conga on RHEL5

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:
work

Additional info:
Comment 1 Daniel Walsh 2007-06-18 11:25:49 EDT
This can be ignored.  The update should have succeeded even though this avc was
generated.  I will dontaudit this message in the future.

Fixed in selinux-policy-2.4.6-76.el5
Comment 2 Ryan McCabe 2008-01-18 13:55:40 EST
Closing per comment #1

Note You need to log in before you can comment on or make changes to this bug.