Bug 429915 - AVC: updpwd_t should have dontaudit rule for access to terminals
Summary: AVC: updpwd_t should have dontaudit rule for access to terminals
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-01-23 19:28 UTC by Jochen Schmitt
Modified: 2008-03-05 22:17 UTC (History)
0 users

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-03-05 22:17:23 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Patch to suppress audit messages when writting to ptys (565 bytes, patch)
2008-01-30 18:52 UTC, Jochen Schmitt 		no flags Details | Diff
View All

Description Jochen Schmitt 2008-01-23 19:28:05 UTC 
Description of problem:

I will get the following avc message.

avc: denied { read write } for comm=unix_update dev=devpts egid=500 euid=0
exe=/sbin/unix_update exit=0 fsgid=500 fsuid=0 gid=500 items=0 name=2 pid=3784
scontext=system_u:system_r:updpwd_t:s0-s0:c0.c1023 sgid=500
subj=system_u:system_r:updpwd_t:s0-s0:c0.c1023 suid=0 tclass=chr_file
tcontext=system_u:object_r:devpts_t:s0 tty=pts2 uid=0 

The setroubleshoot tools explains, that there should be a dontaudit rule for
daemons which try to access terminals.
Comment 1 Jochen Schmitt 2008-01-30 18:52:07 UTC 
Created attachment 293468 [details]
Patch to suppress audit messages when writting to ptys
Comment 2 Daniel Walsh 2008-01-31 16:34:59 UTC 
Fixed in selinux-policy-3.0.8-82.fc8
Comment 3 Daniel Walsh 2008-03-05 22:17:23 UTC 
Bugs have been in modified for over one month.  Closing as fixed in current
release please reopen if the problem still persists.
Note You need to log in before you can comment on or make changes to this bug.