Bug 440640 - AVC denied on service radvd start
AVC denied on service radvd start
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Josef Kubin
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-04 07:30 EDT by Martin Nagy
Modified: 2016-07-26 19:46 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-04 18:02:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Martin Nagy 2008-04-04 07:30:05 EDT
Description of problem:
I am seeing AVC denied messages when starting radvd.

Version-Release number of selected component (if applicable):
radvd-1.1-2.fc9

How reproducible:
start radvd

Steps to Reproduce:
1. service radvd start

host=example.com type=AVC msg=audit(1207239937.649:265): avc:  denied  { read }
for  pid=26027 comm="radvd" path="pipe:[1921993]" dev=pipefs ino=1921993
scontext=unconfined_u:system_r:radvd_t:s0
tcontext=unconfined_u:system_r:radvd_t:s0 tclass=fifo_file

host=example.com type=SYSCALL msg=audit(1207239937.649:265): arch=40000003
syscall=3 success=no exit=-13 a0=5 a1=bfd72fb0 a2=18 a3=0 items=0 ppid=26026
pid=26027 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=pts6 comm="radvd" exe="/usr/sbin/radvd"
subj=unconfined_u:system_r:radvd_t:s0 key=(null)


host=example.com type=AVC msg=audit(1207239937.650:266): avc:  denied  { write }
for  pid=26028 comm="radvd" path="pipe:[1921993]" dev=pipefs ino=1921993
scontext=unconfined_u:system_r:radvd_t:s0
tcontext=unconfined_u:system_r:radvd_t:s0 tclass=fifo_file

host=example.com type=SYSCALL msg=audit(1207239937.650:266): arch=40000003
syscall=4 success=no exit=-13 a0=6 a1=bfd72f94 a2=18 a3=0 items=0 ppid=26026
pid=26028 auid=500 uid=75 gid=75 euid=75 suid=75 fsuid=75 egid=75 sgid=75
fsgid=75 tty=(none) comm="radvd" exe="/usr/sbin/radvd"
subj=unconfined_u:system_r:radvd_t:s0 key=(null)
Comment 1 Josef Kubin 2008-04-04 10:26:39 EDT
It needs:
allow radvd_t self:fifo_file { read write };

Dan, here is my patch:
http://people.redhat.com/jkubin/stuff/myFix.patch
Comment 2 Daniel Walsh 2008-04-04 18:02:06 EDT
Looks good,

Fixed in selinux-policy-3.3.1-28.fc9

Note You need to log in before you can comment on or make changes to this bug.