Bug 374761 - policycoreutils tries to relabel proc fs (named/chroot)
policycoreutils tries to relabel proc fs (named/chroot)
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-10 10:39 EST by Doncho N. Gunchev
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-12 14:55:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Doncho N. Gunchev 2007-11-10 10:39:01 EST
Description of problem:
During yum update I got this stating that restorecon is trying getattr 
on /var/named/chroot/proc/3680/task/3680/fd/0.

Version-Release number of selected component (if applicable):
policycoreutils-2.0.31-7.fc8

How reproducible:
didn't try

Steps to Reproduce:
1. Install FC8-t3
2. Update to FC8 via yum

Actual results:
AVC message:
avc: denied { getattr } for comm=restorecon dev=proc 
path=/var/named/chroot/proc/3680/task/3680/fd/0 pid=17909 
scontext=system_u:system_r:setfiles_t:s0 tclass=lnk_file 
tcontext=system_u:system_r:inetd_t:s0 


Expected results:
I think restorecon should not touch proc (sysfs?) file systems. If it should 
however, then this ability should be granted by the policy.

Additional info:
I'm running FC8 in permissive SELinux mode, 
selinux-policy-targeted-3.0.8-44.fc8.
Comment 1 Daniel Walsh 2007-11-12 14:55:02 EST
I don't understand this since it is showing a symbolic link labeled inetd_t?

I have a feeling this would not have happened in enforcing mode, so I am going
to close won't fix.

Note You need to log in before you can comment on or make changes to this bug.