First Last Prev Next    This bug is not in your last search results.
Bug 439688 - vigr accesses cwd, thus causing selinux denials
vigr accesses cwd, thus causing selinux denials
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: util-linux-ng (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Karel Zak
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-30 10:43 EDT by Mads Kiilerich
Modified: 2008-04-28 10:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-28 10:37:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Mads Kiilerich 2008-03-30 10:43:05 EDT 
Description of problem:


Version-Release number of selected component (if applicable):
util-linux-ng-2.13.1-1.fc8
vim-minimal-7.1.211-1.fc8

Steps to Reproduce:
1. enable selinux
2. cd /root
3. vigr
  
Actual results:
host=localhost.localdomain type=AVC msg=audit(1206887819.190:250): avc: denied {
read } for pid=25098 comm="vi" name="root" dev=dm-0 ino=4291608
scontext=unconfined_u:system_r:sysadm_passwd_t:s0-s0:c0.c1023
tcontext=root:object_r:sysadm_home_dir_t:s0 tclass=dir
host=localhost.localdomain type=SYSCALL msg=audit(1206887819.190:250):
arch=40000003 syscall=5 success=no exit=-13 a0=80c9581 a1=8000 a2=0 a3=8000
items=0 ppid=25097 pid=25098 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts2 comm="vi" exe="/bin/vi"
subj=unconfined_u:system_r:sysadm_passwd_t:s0-s0:c0.c1023 key=(null) 

Additional info:
Apparently vigr works anyway - but I really don't know and could fear that the
denial prevents something important...
Comment 1 Daniel Walsh 2008-04-28 10:37:57 EDT 
This looks like vigr/vi is looking at the current working directory that it is
being run in and is generating a denial.  This can safely be ignored.


I just tried this on Fedora 9, and I don't get the AVC.

So I am just going to close this as fixed in the next release.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.