Bug 374761 - policycoreutils tries to relabel proc fs (named/chroot)
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: 8
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-11-10 15:39 UTC by Doncho Gunchev
Modified: 2007-11-30 22:12 UTC (History)

Doc Type: Bug Fix
Last Closed: 2007-11-12 19:55:02 UTC

Description Doncho Gunchev 2007-11-10 15:39:01 UTC
Description of problem:
During yum update I got this stating that restorecon is trying getattr 
on /var/named/chroot/proc/3680/task/3680/fd/0.

Version-Release number of selected component (if applicable):
policycoreutils-2.0.31-7.fc8

How reproducible:
didn't try

Steps to Reproduce:
1. Install FC8-t3
2. Update to FC8 via yum

Actual results:
AVC message:
avc: denied { getattr } for comm=restorecon dev=proc 
path=/var/named/chroot/proc/3680/task/3680/fd/0 pid=17909 
scontext=system_u:system_r:setfiles_t:s0 tclass=lnk_file 
tcontext=system_u:system_r:inetd_t:s0 


Expected results:
I think restorecon should not touch proc (sysfs?) file systems. If it should 
however, then this ability should be granted by the policy.

Additional info:
I'm running FC8 in permissive SELinux mode, 
selinux-policy-targeted-3.0.8-44.fc8.

Comment 1 Daniel Walsh 2007-11-12 19:55:02 UTC
I don't understand this since it is showing a symbolic link labeled inetd_t?

I have a feeling this would not have happened in enforcing mode, so I am going
to close won't fix.
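
A triage sketch for denials like the one in this report, added here as an example and not part of the bug report or of policycoreutils: it parses the AVC text and tags records where a relabeling tool touched an object on a pseudo-filesystem. The tool list, the filesystem list, the tag names and the role heuristic are assumptions chosen for illustration.

```python
import re

# Constructed sample: the AVC text from the report, kept wrapped as posted.
SAMPLE_AVC = """avc: denied { getattr } for comm=restorecon dev=proc
path=/var/named/chroot/proc/3680/task/3680/fd/0 pid=17909
scontext=system_u:system_r:setfiles_t:s0 tclass=lnk_file
tcontext=system_u:system_r:inetd_t:s0"""

# Assumptions for illustration: which commands count as relabeling tools and
# which dev= values name kernel pseudo-filesystems.
RELABEL_TOOLS = {"restorecon", "setfiles", "fixfiles"}
PSEUDO_FS = {"proc", "sysfs", "selinuxfs"}
FILE_CLASSES = {"file", "dir", "lnk_file", "chr_file", "blk_file",
                "sock_file", "fifo_file"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Parse one AVC denial (possibly wrapped over lines) into a dict, or None."""
    match = AVC_RE.search(" ".join(text.split()))
    if not match:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(match.group("rest"))}
    rec["perms"] = match.group("perms").split()
    for key in ("scontext", "tcontext"):
        # A context is user:role:type[:level]; the level may contain ':' itself.
        parts = rec.get(key, "").split(":", 3)
        if len(parts) >= 3:
            rec[key + "_role"], rec[key + "_type"] = parts[1], parts[2]
    return rec


def triage(rec):
    """Return tags describing why a denial resembles the one in this report."""
    tags = []
    if rec.get("comm") in RELABEL_TOOLS:
        tags.append("relabel-tool")
    if rec.get("dev") in PSEUDO_FS:
        tags.append("pseudo-fs")
    # Assumption: ordinary files carry role object_r, so any other role on a
    # file-class object suggests a per-process /proc entry labelled from its task.
    role = rec.get("tcontext_role")
    if rec.get("tclass") in FILE_CLASSES and role not in (None, "object_r"):
        tags.append("process-labelled-object")
    return tags


if __name__ == "__main__":
    print(triage(parse_avc(SAMPLE_AVC)))
```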
