Description of problem:
We get these errors when running the autofs regression tests:

time->Wed Mar 26 11:14:07 2008
type=SYSCALL msg=audit(1206544447.920:19): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=7fff631ab300 a2=6e a3=7fff631ab640 items=0 ppid=3441 pid=21218 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1206544447.920:19): avc: denied { search } for pid=21218 comm="tcpdump" name="nscd" dev=dm-0 ino=21299267 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
----
time->Wed Mar 26 11:14:07 2008
type=SYSCALL msg=audit(1206544447.923:23): arch=c000003e syscall=2 success=no exit=-13 a0=2aaaab12c772 a1=0 a2=ffffffffffffffb0 a3=0 items=0 ppid=3441 pid=21218 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1206544447.923:23): avc: denied { search } for pid=21218 comm="tcpdump" name="sys" dev=proc ino=4026531868 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir
----

The test harness spawns tcpdump to capture packets during a test run.

Version-Release number of selected component (if applicable):
selinux-policy 2.4.6 125.el5 noarch
selinux-policy-targeted 2.4.6 125.el5 noarch
kernel 2.6.18 86.el5 x86_64

How reproducible:
100%

Steps to Reproduce:
1. Run the autofs regression tests.
Fixed in selinux-policy-2.4.6-128.el5
Re-running the tests, we now get the following:

/sbin/ausearch -sv no -m AVC -m USER_AVC -m SELINUX_ERR -ts 4/17/2008 10:2:20
----
time->Thu Apr 17 10:02:39 2008
type=SYSCALL msg=audit(1208440959.733:19): arch=40000003 syscall=5 success=no exit=-13 a0=abeb64 a1=0 a2=99f264 a3=80d2a00 items=0 ppid=3006 pid=3328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208440959.733:19): avc: denied { search } for pid=3328 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 10:03:11 2008
type=SYSCALL msg=audit(1208440991.000:22): arch=40000003 syscall=5 success=no exit=-13 a0=614b64 a1=0 a2=4f5264 a3=80d2a00 items=0 ppid=3006 pid=3614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208440991.000:22): avc: denied { search } for pid=3614 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 10:03:18 2008
type=SYSCALL msg=audit(1208440998.410:25): arch=40000003 syscall=5 success=no exit=-13 a0=692b64 a1=0 a2=573264 a3=80d2a00 items=0 ppid=3006 pid=3695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208440998.410:25): avc: denied { search } for pid=3695 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 10:03:49 2008
type=SYSCALL msg=audit(1208441029.568:28): arch=40000003 syscall=5 success=no exit=-13 a0=489b64 a1=0 a2=36a264 a3=80d2a00 items=0 ppid=3006 pid=3985 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208441029.568:28): avc: denied { search } for pid=3985 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
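The denials above reduce to three distinct source/target pairs, which is easier to see once the AVC lines are parsed and grouped. The following is an added example, not part of the original report or of any SELinux tooling; the function names are hypothetical, and the allow-rule rendering is only a review aid, not the change shipped in the policy update.

```python
import re
from collections import Counter

# AVC lines copied from the records in this report (SYSCALL lines omitted).
SAMPLE = """\
type=AVC msg=audit(1206544447.920:19): avc: denied { search } for pid=21218 comm="tcpdump" name="nscd" dev=dm-0 ino=21299267 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1206544447.923:23): avc: denied { search } for pid=21218 comm="tcpdump" name="sys" dev=proc ino=4026531868 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir
type=AVC msg=audit(1208440959.733:19): avc: denied { search } for pid=3328 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1208440991.000:22): avc: denied { search } for pid=3614 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line) if "type=AVC" in line else None
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec

def type_of(context):
    """Extract the type field from a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]),
                   rec["tclass"], perm)
            counts[key] += 1
    return counts

def candidate_rules(counts):
    """Render each unique denial in allow-rule form for policy review."""
    return sorted(f"allow {s} {t}:{c} {p};" for s, t, c, p in counts)

if __name__ == "__main__":
    for rule in candidate_rules(summarize(SAMPLE)):
        print(rule)
```

Grouping this way shows that the re-run records are repeats of one denial on sysctl_kernel_t, a different target type from the sysctl_t and nscd_var_run_t denials in the first report.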
One more time. Fixed in selinux-policy-2.4.6-132.el5
(In reply to comment #8)
> One more time.
>
> Fixed in selinux-policy-2.4.6-132.el5

Did you actually test this? I'm still seeing problems:

/sbin/ausearch -sv no -m AVC -m USER_AVC -m SELINUX_ERR -ts 4/17/2008 12:1:33
----
time->Thu Apr 17 12:01:54 2008
type=SYSCALL msg=audit(1208448114.667:19): arch=40000003 syscall=5 success=no exit=-13 a0=234b64 a1=0 a2=115264 a3=80d2a00 items=0 ppid=3722 pid=4058 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208448114.667:19): avc: denied { search } for pid=4058 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 12:02:26 2008
type=SYSCALL msg=audit(1208448146.387:22): arch=40000003 syscall=5 success=no exit=-13 a0=bd8b64 a1=0 a2=ab9264 a3=80d2a00 items=0 ppid=3722 pid=4346 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208448146.387:22): avc: denied { search } for pid=4346 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 12:02:32 2008
type=SYSCALL msg=audit(1208448152.988:25): arch=40000003 syscall=5 success=no exit=-13 a0=234b64 a1=0 a2=115264 a3=80d2a00 items=0 ppid=3722 pid=4427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208448152.988:25): avc: denied { search } for pid=4427 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----
time->Thu Apr 17 12:03:01 2008
type=SYSCALL msg=audit(1208448181.804:28): arch=40000003 syscall=5 success=no exit=-13 a0=367b64 a1=0 a2=248264 a3=80d2a00 items=0 ppid=3722 pid=4691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tcpdump" exe="/usr/sbin/tcpdump" subj=system_u:system_r:netutils_t:s0 key=(null)
type=AVC msg=audit(1208448181.804:28): avc: denied { search } for pid=4691 comm="tcpdump" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
----

selinux-policy 2.4.6 132.el5 noarch
selinux-policy-targeted 2.4.6 132.el5 noarch
If by test you mean actually make sure the patch was applied to the package, no. Sorry... 133 will have the patch. As far as testing SELinux fixes, I usually rely on the reporter to check, since I do not have the environment to test.
OK, I've verified that -133 fixes the issue in my test environment. Thanks!
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0465.html