Description of problem:
Root is denied write access to files in /proc/<pid>/ which should be writable by him, even from an unconfined_t shell.

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-81.fc8.noarch
selinux-policy-targeted-3.0.8-81.fc8.noarch
kernel-2.6.23.14-107.fc8.x86_64

How reproducible:

Steps to Reproduce:
Login as root. Let's choose a confined process, e.g. hald:

    # cd /proc/$(/sbin/pidof hald)
    # ls -l oom_adj
    -rw-r--r-- 1 root root 0 Feb 1 16:12 oom_adj
    # echo 1 > oom_adj
    bash: oom_adj: Permission denied

Actual results:
Write access is denied, an AVC message is generated:

    avc: denied { write } for comm=bash dev=proc egid=0 euid=0 exe=/bin/bash exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=oom_adj pid=5920 scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0 subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:system_r:hald_t:s0 tty=pts3 uid=0

Expected results:
Root should be allowed to tune the processes' writable parameters in /proc/<pid>/

Additional info:
The bug prevents the latencytop utility from working correctly with SELinux in enforcing mode (latencytop is going through package review: https://bugzilla.redhat.com/show_bug.cgi?id=431047 ).
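Added example, not part of the original report: a small Python triage helper that parses the AVC record quoted above and shows why a root shell still fails. The discretionary check passes (euid=0), but the type-enforcement check between the shell's domain and the label on the /proc entry denies write. The function names are illustrative assumptions, and the generated rule only mimics audit2allow-style output; it is not the change shipped in the fixed policy package.

```python
import re
import shlex

# AVC record copied from the report above, joined into one string.
SAMPLE_AVC = (
    "avc: denied { write } for comm=bash dev=proc egid=0 euid=0 exe=/bin/bash "
    "exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=oom_adj pid=5920 "
    "scontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 sgid=0 "
    "subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 suid=0 "
    "tclass=file tcontext=system_u:system_r:hald_t:s0 tty=pts3 uid=0"
)

_AVC = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)", re.S)


def parse_avc(record):
    """Split an AVC record into decision, permission list and key=value fields."""
    m = _AVC.search(record)
    if not m:
        raise ValueError("not an AVC record")
    decision, perms, rest = m.groups()
    # shlex keeps quoted values (comm="my prog") together and drops the quotes.
    fields = dict(t.split("=", 1) for t in shlex.split(rest) if "=" in t)
    missing = [k for k in ("scontext", "tcontext", "tclass") if k not in fields]
    if missing:
        raise ValueError("AVC record lacks " + ", ".join(missing))
    return decision, perms.split(), fields


def context_type(context):
    """Return the type field of user:role:type[:level]; the level may contain ':'."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError("malformed security context: " + context)
    return parts[2]


def summarize(record):
    """Reduce a record to the facts needed to triage a MAC denial."""
    decision, perms, f = parse_avc(record)
    src, tgt = context_type(f["scontext"]), context_type(f["tcontext"])
    perm_expr = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return {
        "source_type": src,
        "target_type": tgt,
        "tclass": f["tclass"],
        "perms": perms,
        # euid 0 plus a denial means DAC was not the obstacle; SELinux policy was.
        "root_denied_by_mac": decision == "denied" and f.get("euid") == "0",
        "rule": "allow %s %s:%s %s;" % (src, tgt, f["tclass"], perm_expr),
    }
```

For the record in this report, `summarize(SAMPLE_AVC)` reports source type `unconfined_t`, target type `hald_t` and class `file`, which is the triple to look up in the loaded policy when checking whether an update resolved the denial.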
Fixed in selinux-policy-3.0.8-84.fc8
Bugs have been in modified for over one month. Closing as fixed in current release; please reopen if the problem still persists.