Bug 440572 - scim-bridge causing avc denials with scim-chewing and scim-python-pinyin
scim-bridge causing avc denials with scim-chewing and scim-python-pinyin
Product: Fedora
Classification: Fedora
Component: scim-bridge (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Peng Huang
Fedora Extras Quality Assurance
: i18n
: 441177 (view as bug list)
Depends On:
Blocks: F9Target 441177
  Show dependency treegraph
Reported: 2008-04-04 01:10 EDT by Jens Petersen
Modified: 2008-04-11 01:48 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-04-11 01:47:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
selinux_alert.txt (4.71 KB, text/plain)
2008-04-04 01:55 EDT, Jens Petersen
no flags Details

  None (edit)
Description Jens Petersen 2008-04-04 01:10:40 EDT
Description of problem:
scim-bridge seems to be causing avc denials whenever IM is started under GNOME:
ie when the first gtk application using scim-bridge is started, when Chinese
IMEs are installed.

How reproducible:
every time

Steps to Reproduce:
1. sudo yum groupinstall chinese-support
2. start SCIM with im-chooser
2. restart desktop
3. press F2 or open a gtk or gnome application like gedit or gnome-terminal
Actual results:
3. avc denial and setroubleshooting star icon in notification area.

Expected results:
3. no selinux warning
Comment 1 Jens Petersen 2008-04-04 01:53:02 EDT
Meant to add that this doesn't happen if scim-bridge is removed.
Comment 2 Jens Petersen 2008-04-04 01:55:18 EDT
Created attachment 300387 [details]

(sorry the output is in Japanese)
Comment 3 Daniel Walsh 2008-04-04 17:43:08 EDT
Looks like scim-bridge is leaking open file descriptors that ldconfig is looking at.

fcntl(fd, F_SETFD, FD_CLOEXEC)
Comment 4 Caius Chance 2008-04-06 23:37:50 EDT
The file was denied access has same context as normal:

$ ll -Z /usr/share/chewing/us_freq.dat 
-rw-r--r--  root root system_u:object_r:usr_t:s0      

$ ll -Z /usr/share/scim-python/helper/__init__.py
-rw-r--r--  root root system_u:object_r:usr_t:s0      
Comment 5 Daniel Walsh 2008-04-08 08:50:54 EDT
Yes but ldconfig would not try to access this file.  So the problem is someone
is leaking an open file descriptor to ldconfig, and SELinux checks the access on
the open file descriptor causing the AVC.
Comment 6 Jens Petersen 2008-04-11 01:47:49 EDT
Hmm seems fixed in rawhide anyway.  Thanks
Comment 7 Jens Petersen 2008-04-11 01:48:15 EDT
*** Bug 441177 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.