Bug 283681 - Reporting bug as requested by setroubleshoot browser
Reporting bug as requested by setroubleshoot browser
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
7
i386 Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-08 14:55 EDT by M. A. MacLain
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-10 10:08:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description M. A. MacLain 2007-09-08 14:55:41 EDT
Description of problem:
SummarySELinux is preventing /usr/sbin/sm-notify (rpcd_t) "search" to
(sysctl_fs_t).Detailed DescriptionSELinux denied access requested by
/usr/sbin/sm-notify. It is not expected that this access is required by
/usr/sbin/sm-notify and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.Allowing AccessSometimes labeling
problems can cause SELinux denials. You could try to restore the default system
file context for , restorecon -v If this does not work, there is currently no
automatic way to allow this access. Instead, you can generate a local policy
module to allow this access - see FAQ Or you can disable SELinux protection
altogether. Disabling SELinux protection is not recommended. Please file a bug
report against this package.

Additional InformationSource Context:  user_u:system_r:rpcd_tTarget
Context:  system_u:object_r:sysctl_fs_tTarget Objects:  None [ dir ]Affected RPM
Packages:  nfs-utils-1.1.0-1.fc7 [application]Policy
RPM:  selinux-policy-2.6.4-29.fc7Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.catchall_fileHost
Name:  dhcppc0Platform:  Linux dhcppc0 2.6.22.1-33.fc7 #1 SMP Mon Jul 23
17:33:07 EDT 2007 i686 i686Alert Count:  2First Seen:  Wed 01 Aug 2007 07:25:16
AM EDTLast Seen:  Wed 01 Aug 2007 07:25:16 AM EDTLocal
ID:  16129e92-4b1a-4424-9c28-13ce3d2206a7Line Numbers:  

Raw Audit Messages :avc: denied { search } for comm="sm-notify" egid=0 euid=0
exe="/usr/sbin/sm-notify" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=3094
scontext=user_u:system_r:rpcd_t:s0 sgid=0 subj=user_u:system_r:rpcd_t:s0 suid=0
tclass=dir tcontext=system_u:object_r:sysctl_fs_t:s0 tty=(none) uid=0 


Version-Release number of selected component (if applicable):
selinux-policy-2.6.4-29.fc7

How reproducible:
Indicates 2 times

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2007-09-10 10:08:51 EDT
Please run yum update to update to the latest selinux policy

Fixed in selinux-policy-2.6.4-39.fc7

Note You need to log in before you can comment on or make changes to this bug.