Bug 434888 - AVC against "init"....
Summary: AVC against "init"....
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Casey Dahlin
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
Reported: 2008-02-26 01:37 UTC by Tom London
Modified: 2014-06-18 08:46 UTC
Last Closed: 2008-02-26 15:38:30 UTC



Description Tom London 2008-02-26 01:37:29 UTC
Description of problem:
After booting successfully to runlevel 5, gdm login, and fiddling for a while, I
got the following AVC:

type=AVC msg=audit(1203989344.513:28): avc:  denied  { read } for  pid=1
comm="init" path="inotify" dev=inotifyfs ino=1
scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0
tclass=dir

I haven't been able to reproduce it yet.

Version-Release number of selected component (if applicable):
upstart-0.3.9-5.fc9.i386

How reproducible:
Don't know....

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Bill Nottingham 2008-02-26 01:47:04 UTC
A simple:

fs_list_inotifyfs(init_t)

in the policy should do the trick.

Comment 2 Casey Dahlin 2008-02-26 01:59:20 UTC
Likely caused by inotify monitoring of /etc/event.d for config changes. Dunno
why it would be so sporadic to reproduce.

Comment 3 Tom London 2008-02-26 02:03:32 UTC
That makes sense....  I was "looking around" in /etc/event.d; perhaps I did
something that caused a file (or the directory) to be "touched".

Comment 4 Tom London 2008-02-26 02:13:55 UTC
BTW, here is another.  Thrown when "shutdown" is selected from "System" menu:

type=AVC msg=audit(1203991627.013:56): avc:  denied  { sendto } for  pid=9898
comm="shutdown" path=002F636F6D2F7562756E74752F75707374617274
scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:system_r:init_t:s0
tclass=unix_dgram_socket
type=SYSCALL msg=audit(1203991627.013:56): arch=40000003 syscall=102 success=yes
exit=34 a0=10 a1=bfcff1e0 a2=808c218 a3=808c090 items=0 ppid=9897 pid=9898
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="shutdown" exe="/sbin/shutdown"
subj=system_u:system_r:consolekit_t:s0 key=(null)

Not sure if that belongs here or against ConsoleKit....


Comment 5 Casey Dahlin 2008-02-26 02:29:20 UTC
Hmm, might have to do with the new /sbin/shutdown command

Comment 6 Bill Nottingham 2008-02-26 03:00:09 UTC
OK, the consolekit policy needs:

init_chat(consolekit_t)


Comment 7 Daniel Walsh 2008-02-26 15:38:30 UTC
Fixed in selinux-policy-3.3.1-2.fc9
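
Added example, not part of the original bug thread: a small Python parser for the two AVC records quoted above. It decodes the hex-encoded path= value in the Comment 4 record (it begins with a NUL byte, which marks an abstract-namespace unix socket) and renders the raw allow rule each denial corresponds to. The function names are hypothetical, and the comments above propose the policy interfaces fs_list_inotifyfs and init_chat rather than raw rules.

```python
import re

# The two AVC records quoted in this bug, rejoined onto single lines.
RECORDS = [
    'type=AVC msg=audit(1203989344.513:28): avc:  denied  { read } for  pid=1 '
    'comm="init" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir',
    'type=AVC msg=audit(1203991627.013:56): avc:  denied  { sendto } for  pid=9898 '
    'comm="shutdown" path=002F636F6D2F7562756E74752F75707374617274 '
    'scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:system_r:init_t:s0 '
    'tclass=unix_dgram_socket',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
STRING_FIELDS = {'comm', 'exe', 'name', 'path'}  # audit hex-encodes these when unsafe


def decode_string(raw):
    """Quoted values are literal; an unquoted value in a string field is hex."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return raw  # not hex, e.g. (null)
    # A leading NUL marks an abstract-namespace unix socket, shown here as '@'.
    prefix = '@' if data[:1] == b'\0' else ''
    return prefix + data[len(prefix):].decode('utf-8', 'replace')


def parse_avc(line):
    """Return the denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {'perms': m.group(1).split()}
    for key, raw in FIELD_RE.findall(m.group(2)):
        rec[key] = decode_string(raw) if key in STRING_FIELDS else raw
    # SELinux contexts are user:role:type[:level]; the type is the third field.
    rec['source'] = rec['scontext'].split(':')[2]
    rec['target'] = rec['tcontext'].split(':')[2]
    return rec


def to_allow_rule(rec):
    """Render the raw allow rule this denial corresponds to, for triage only."""
    perms = rec['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {rec['source']} {rec['target']}:{rec['tclass']} {perm_text};"
```

Calling to_allow_rule(parse_avc(line)) on each entry of RECORDS gives the rule for that denial; the decoded socket name is in the 'path' key.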

