Bug 442054 - audit + prelude AVCs
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy
rawhide
i686 Linux
low Severity medium
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Reported: 2008-04-11 10:38 EDT by LC Bruzenak
Modified: 2008-04-14 16:28 EDT

Doc Type: Bug Fix
Last Closed: 2008-04-14 14:01:07 EDT


Attachments
audisp-prelude avc (1.58 KB, text/plain), 2008-04-11 10:39 EDT, LC Bruzenak
ausearch avc (4.28 KB, text/plain), 2008-04-11 10:40 EDT, LC Bruzenak
prelude avc (31.65 KB, text/plain), 2008-04-11 10:40 EDT, LC Bruzenak

Description LC Bruzenak 2008-04-11 10:38:13 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.4) Gecko/20070607 Swiftweasel/2.0.0.4

Description of problem:
Rawhide (F9) with:

policycoreutils-2.0.46-2.fc9.i386
selinux-policy-3.3.1-32.fc9.noarch
selinux-policy-devel-3.3.1-32.fc9.noarch
policycoreutils-newrole-2.0.46-2.fc9.i386
selinux-policy-mls-3.3.1-32.fc9.noarch
selinux-policy-targeted-3.3.1-32.fc9.noarch
checkpolicy-2.0.13-1.fc9.i386
hack-policy-1.0.0-18.noarch
policycoreutils-gui-2.0.46-2.fc9.i386

audit-1.7.1-1.fc9.i386

prelude-manager-0.9.11-1.fc9.i386
libprelude-0.9.16.2-2.fc9.i386
prelude-lml-0.9.11-2.fc9.i386

After booting and starting up the application, I see a number of AVCs in audit (attached).

I am using relaying from this machine to another; this is different from Steve G.'s testing. 

Version-Release number of selected component (if applicable):
selinux-policy-mls-3.3.1-32.fc9.noarch

How reproducible:
Always


Steps to Reproduce:
1. Boot
2. Start application
3. Run "ausearch --start today -m avc -x prelude"

Actual Results:
Saw the attached AVC list in the ausearch results.

Expected Results:
Hopefully no AVCs related to prelude/audit.

Additional info:
I can add any relevant information needed on request (audit rules, etc.) but didn't want to clog this bz with irrelevant info.
Attached files are results of:
prelude.avc : ausearch --start today -m avc -x prelude > prelude.avc
ausearch.avc : ausearch --start today -m avc -x ausearch > ausearch.avc
audisp-prelude.avc : ausearch --start today -m avc -x audisp-prelude > audisp-prelude.avc
Comment 1 LC Bruzenak 2008-04-11 10:39:45 EDT
Created attachment 302128
audisp-prelude avc
Comment 2 LC Bruzenak 2008-04-11 10:40:15 EDT
Created attachment 302129
ausearch avc
Comment 3 LC Bruzenak 2008-04-11 10:40:35 EDT
Created attachment 302130
prelude avc
Comment 4 Daniel Walsh 2008-04-14 13:59:47 EDT
This looks like a labeling problem.  prelude-manager is running as initrc_t
rather than the correct context.  What is it labeled?

Also staff_t should not be allowed to look at audit data, so the second AVCs
are caused by you not transitioning to sysadm_r:sysadm_t
Comment 5 Daniel Walsh 2008-04-14 14:01:07 EDT
The other problem is prelude policy is not included in mls policy.  I will add
and update 

Fixed in selinux-policy-3.3.1-35.fc9
Comment 6 LC Bruzenak 2008-04-14 16:28:23 EDT
(In reply to comment #4)
> This looks like a labeling problem.  prelude-manager is running as initrc_t
> rather than the correct context.  What is it labeled?
> 
> Also staff_t should not be allowed to look at audit data, so the second AVCs
> are caused by you not transitioning to sysadm_r:sysadm_t
> 
prelude-manager is labeled:
[lenny@sun ~]$ ls -alZ /usr/bin/prelude-manager
-rwxr-xr-x  root root system_u:object_r:bin_t:SystemLow /usr/bin/prelude-manager
[lenny@sun ~]$ ps -eadflZ | grep prelude-manager
system_u:system_r:initrc_t:SystemLow-SystemHigh 1 S root 2082 1  0 80 0 - 8864 sys_po 12:03 ?     00:00:01 prelude-manager -d
user_u:user_r:user_t:SystemLow  0 S lenny     3514  3473  0  80   0 -  1041 pipe_w 15:28 pts/1    00:00:00 grep prelude-manager
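
Added example, not part of the original bug report: a shell version of the check discussed in comments 4 to 6, listing processes still running in initrc_t and executables still carrying the generic bin_t type. The function names and sample input are constructed for illustration; the input formats assume `ps -eo label,pid,comm` and `stat -c "%C %n"`.

```shell
#!/bin/sh
# Added example (not from the bug report). Helper names are hypothetical.

# Reads "LABEL PID COMMAND" lines on stdin, as printed by: ps -eo label,pid,comm
# Prints "PID COMMAND" for each process whose SELinux type is initrc_t,
# i.e. a daemon started by an init script without a domain transition.
initrc_procs() {
    awk '
        $1 == "LABEL" { next }              # skip the ps header line
        {
            # context = user:role:type[:mls-range]; the range may itself
            # contain colons (s0-s15:c0.c1023), so read field 3, not the last
            if (split($1, ctx, ":") >= 3 && ctx[3] == "initrc_t")
                print $2, $3
        }'
}

# Reads "CONTEXT PATH" lines on stdin, e.g. from: stat -c "%C %n" FILE...
# Prints "PATH TYPE" for files labeled with the generic bin_t type, which
# means the loaded file contexts give them no dedicated type (or the file
# was never relabeled).
generic_exec_labels() {
    awk '{ if (split($1, ctx, ":") >= 3 && ctx[3] == "bin_t") print $2, ctx[3] }'
}

# Constructed sample input modelled on the output quoted in comment 6.
SAMPLE_PS='LABEL PID COMMAND
system_u:system_r:initrc_t:SystemLow-SystemHigh 2082 prelude-manager
system_u:system_r:auditd_t:s15:c0.c1023 1901 auditd
user_u:user_r:user_t:SystemLow 3514 grep'
SAMPLE_FILES='system_u:object_r:bin_t:SystemLow /usr/bin/prelude-manager'

printf '%s\n' "$SAMPLE_PS" | initrc_procs
printf '%s\n' "$SAMPLE_FILES" | generic_exec_labels
```

On a live system, feed the functions from `ps -eo label,pid,comm` and from `stat -c "%C %n"` on the daemon binaries instead of the sample variables.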
