Bug 334461 - SELinux policy III
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: x86_64 Linux
Priority: low Severity: low
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Reported: 2007-10-16 10:40 EDT by Zdenek Kabelac
Modified: 2008-01-30 14:20 EST
Fixed In Version: Current
Doc Type: Bug Fix
Attachments
just compressed my actual log from SELinux if the messages are not as readable as the plain text (17.66 KB, application/x-gzip)
2007-10-16 10:43 EDT, Zdenek Kabelac
audit.log (66.93 KB, application/x-bzip)
2007-10-18 03:56 EDT, Zdenek Kabelac

Description Zdenek Kabelac 2007-10-16 10:40:21 EDT
Description of problem:

SELinux is preventing /usr/sbin/load_policy (load_policy_t) "write" to pipe (rpm_t).

Source Context: system_u:system_r:load_policy_t:s0
Target Context: system_u:system_r:rpm_t:s0
Target Objects: pipe [ fifo_file ]
Affected RPM Packages: policycoreutils-2.0.29-1.fc8 [application]
Policy RPM: selinux-policy-3.0.8-20.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.23-5.fc8 #1 SMP Wed Oct 10 19:25:16 EDT 2007 x86_64 x86_64
Alert Count: 7
First Seen: Pá 12. říjen 2007, 14:59:02 CEST
Last Seen: Po 15. říjen 2007, 10:05:29 CEST
Local ID: 29ff9786-cc78-42f3-8380-3fc28747a808
Line Numbers:

Raw Audit Messages:

avc: denied { write } for comm=load_policy dev=pipefs egid=0 euid=0 exe=/usr/sbin/load_policy exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=pipe:[42398] pid=7186 scontext=system_u:system_r:load_policy_t:s0 sgid=0 subj=system_u:system_r:load_policy_t:s0 suid=0 tclass=fifo_file tcontext=system_u:system_r:rpm_t:s0 tty=pts1 uid=0

-------------------------------------------

SELinux is preventing /usr/bin/readlink (udev_t) "getattr" to /home (home_root_t).

Source Context: system_u:system_r:udev_t:s0-s0:c0.c1023
Target Context: system_u:object_r:home_root_t:s0
Target Objects: /home [ dir ]
Affected RPM Packages: coreutils-6.9-6.fc8 [application] filesystem-2.4.11-1.fc8 [target]
Policy RPM: selinux-policy-3.0.8-20.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall_file
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.21-2949.fc8xen #1 SMP Wed Oct 10 11:45:45 EDT 2007 x86_64 x86_64
Alert Count: 1
First Seen: Pá 12. říjen 2007, 15:34:44 CEST
Last Seen: Pá 12. říjen 2007, 15:34:44 CEST
Local ID: f3cdf5e0-a555-4d5f-9755-76685094fdec
Line Numbers:

Raw Audit Messages:

avc: denied { getattr } for comm=readlink dev=sda7 egid=0 euid=0 exe=/usr/bin/readlink exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=/ path=/home pid=3822 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0

---------------------------------------------------


SELinux is preventing /usr/bin/readlink (udev_t) "search" to (home_root_t).

Source Context: system_u:system_r:udev_t:s0-s0:c0.c1023
Target Context: system_u:object_r:home_root_t:s0
Target Objects: None [ dir ]
Affected RPM Packages: coreutils-6.9-6.fc8 [application]
Policy RPM: selinux-policy-3.0.8-20.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall_file
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.21-2949.fc8xen #1 SMP Wed Oct 10 11:45:45 EDT 2007 x86_64 x86_64
Alert Count: 1
First Seen: Pá 12. říjen 2007, 15:34:44 CEST
Last Seen: Pá 12. říjen 2007, 15:34:44 CEST
Local ID: daa032c0-8486-4760-906c-21a3405cd910
Line Numbers:

Raw Audit Messages:

avc: denied { search } for comm=readlink dev=sda7 egid=0 euid=0 exe=/usr/bin/readlink exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=/ pid=3822 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:home_root_t:s0 tty=(none) uid=0

-------------------------------------------------


SELinux is preventing /usr/sbin/brctl (brctl_t) "use" to /sys/kernel/hotplug (kernel_t).

Source Context: system_u:system_r:brctl_t:s0-s0:c0.c1023
Target Context: system_u:system_r:kernel_t:s0
Target Objects: /sys/kernel/hotplug [ fd ]
Affected RPM Packages: bridge-utils-1.2-2.fc8 [application]
Policy RPM: selinux-policy-3.0.8-20.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.21-2949.fc8xen #1 SMP Wed Oct 10 11:45:45 EDT 2007 x86_64 x86_64
Alert Count: 1
First Seen: Pá 12. říjen 2007, 15:18:07 CEST
Last Seen: Pá 12. říjen 2007, 15:18:07 CEST
Local ID: ba7cdbb9-6eed-4f95-9e89-68f10be03163
Line Numbers:

Raw Audit Messages:

avc: denied { use } for comm=brctl dev=proc egid=0 euid=0 exe=/usr/sbin/brctl exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=hotplug path=/sys/kernel/hotplug pid=3442 scontext=system_u:system_r:brctl_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:brctl_t:s0-s0:c0.c1023 suid=0 tclass=fd tcontext=system_u:system_r:kernel_t:s0 tty=(none) uid=0

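Added example (not part of the original report, and not code from setroubleshoot or the policy maintainers): a small Python triage of the raw AVC records quoted in the description above, grouping denials by source type, target type and object class, and setting aside records that lack the fields needed to classify them. The records are shortened copies of those in the report, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Shortened copies of the four raw AVC records in the report (uid/gid fields
# dropped). The getattr record is cut off on the page, so it has no
# tclass/tcontext here either.
RECORDS = [
    "avc: denied { write } for comm=load_policy dev=pipefs path=pipe:[42398] "
    "pid=7186 scontext=system_u:system_r:load_policy_t:s0 tclass=fifo_file "
    "tcontext=system_u:system_r:rpm_t:s0 tty=pts1",
    "avc: denied { getattr } for comm=readlink dev=sda7 name=/ path=/home "
    "pid=3822 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023",
    "avc: denied { search } for comm=readlink dev=sda7 name=/ pid=3822 "
    "scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=dir "
    "tcontext=system_u:object_r:home_root_t:s0",
    "avc: denied { use } for comm=brctl dev=proc path=/sys/kernel/hotplug "
    "pid=3442 scontext=system_u:system_r:brctl_t:s0-s0:c0.c1023 tclass=fd "
    "tcontext=system_u:system_r:kernel_t:s0",
]

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
REQUIRED = {"scontext", "tcontext", "tclass"}

def parse_avc(line):
    """Return the key=value fields of one AVC denial plus its permission list."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = m.group(1).split()
    return fields

def selinux_type(context):
    """A context is user:role:type:level[:categories]; return the type."""
    return context.split(":")[2]

def summarize(lines):
    """Group denials by (source type, target type, class); list unusable records."""
    grouped, incomplete = defaultdict(set), []
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        if not REQUIRED <= rec.keys():
            incomplete.append((rec.get("comm"), rec["perms"]))
            continue
        key = (selinux_type(rec["scontext"]), selinux_type(rec["tcontext"]), rec["tclass"])
        grouped[key].update(rec["perms"])
    return dict(grouped), incomplete
```

`summarize(RECORDS)` returns the grouped denials and the list of incomplete records; the truncated getattr record lands in the second list instead of being guessed at.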
Comment 1 Zdenek Kabelac 2007-10-16 10:43:45 EDT
Created attachment 228851
just compressed my actual log from SELinux if the messages are not as readable as the plain text
Comment 2 Daniel Walsh 2007-10-17 14:01:51 EDT
Please attach your /var/log/audit/audit/audit.log
Comment 3 Zdenek Kabelac 2007-10-18 03:56:29 EDT
Created attachment 230771
audit.log

Here it goes
Comment 4 Daniel Walsh 2007-10-18 16:12:06 EDT
What service in inetd is listening on port 904?

Comment 5 Zdenek Kabelac 2007-10-19 06:02:49 EDT
It's the default port selected by vmware - I guess this should then
most probably be handled by some rule on the vmware installation - because
the port number could be arbitrarily changed during the installation
(or even just reconfiguration) - so it is probably not something which
could be easily hardcoded.

rpm & installation code is written directly by VMWARE company - so it
might probably be needed to send them a patch for their installation
script to get things done in the right way? (I'm not sure - just an idea...)
Comment 6 Daniel Walsh 2007-11-19 10:53:58 EST
  Fixed in selinux-policy-3.0.8-56.fc8
Comment 7 Daniel Walsh 2008-01-30 14:20:55 EST
Bulk closing all bugs in Fedora updates in the modified state.  If your bug is
not fixed, please reopen.
