Bug 429915 - AVC: updpwd_t should have dontaudit rule for access to terminals
AVC: updpwd_t should have dontaudit rule for access to terminals
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-23 14:28 EST by Jochen Schmitt
Modified: 2008-03-05 17:17 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-05 17:17:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to suppress audit messages when writting to ptys (565 bytes, patch)
2008-01-30 13:52 EST, Jochen Schmitt
no flags Details | Diff

  None (edit)
Description Jochen Schmitt 2008-01-23 14:28:05 EST
Description of problem:

I will get the following avc message.

avc: denied { read write } for comm=unix_update dev=devpts egid=500 euid=0
exe=/sbin/unix_update exit=0 fsgid=500 fsuid=0 gid=500 items=0 name=2 pid=3784
scontext=system_u:system_r:updpwd_t:s0-s0:c0.c1023 sgid=500
subj=system_u:system_r:updpwd_t:s0-s0:c0.c1023 suid=0 tclass=chr_file
tcontext=system_u:object_r:devpts_t:s0 tty=pts2 uid=0 

The setroubleshoot tools explains, that there should be a dontaudit rule for
daemons which try to access terminals.
Comment 1 Jochen Schmitt 2008-01-30 13:52:07 EST
Created attachment 293468 [details]
Patch to suppress audit messages when writting to ptys
Comment 2 Daniel Walsh 2008-01-31 11:34:59 EST
Fixed in selinux-policy-3.0.8-82.fc8
Comment 3 Daniel Walsh 2008-03-05 17:17:23 EST
Bugs have been in modified for over one month.  Closing as fixed in current
release please reopen if the problem still persists.

Note You need to log in before you can comment on or make changes to this bug.