443286 – tmpwatch: 3* denieds for tex|dvips|pdftex after initial boot anacron run

Bug 443286 - tmpwatch: 3* denieds for tex|dvips|pdftex after initial boot anacron run

Summary: tmpwatch: 3* denieds for tex|dvips|pdftex after initial boot anacron run

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	texlive
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Jindrich Novy
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-04-20 08:02 UTC by David Timms
Modified:	2013-07-02 23:28 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-05-06 02:53:38 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
1 of 3 avc's against dvips (2.68 KB, text/plain) 2008-04-20 08:02 UTC, David Timms	no flags	Details
2 of 3 avc's against pdftex (2.68 KB, text/plain) 2008-04-20 08:03 UTC, David Timms	no flags	Details
3 of 3 avc's against tex (2.67 KB, text/plain) 2008-04-20 08:04 UTC, David Timms	no flags	Details
View All

Description David Timms 2008-04-20 08:02:59 UTC

Description of problem:
The following attached avc's for tmpwatch against tex, dvips, pdftex where noted
on a F9Preview fresh install.

Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-35.fc9.noarch
selinux-policy-targeted-3.3.1-35.fc9.noarch
texlive-2007-28.fc9.i386
texlive-texmf-dvips-2007-20.fc9.noarch
texlive-texmf-fonts-2007-20.fc9.noarch

How reproducible:
Tried running cron.daily scripts to check wheich one, but didn't regenerate the avc.

Steps to Reproduce:
1. f9preview install {default selections}
2. boot it.
3. after 92mins, 
  
Actual results:
the 3x avc's are noted.

Expected results:
-

Additional info:
since updated to koji:
selinux-policy-3.3.1-36.fc9.noarch
selinux-policy-targeted-3.3.1-36.fc9.noarch
haven't been able to reproduce since initial boot.

Comment 1 David Timms 2008-04-20 08:02:59 UTC

Created attachment 303040 [details]
1 of 3 avc's against dvips

Comment 2 David Timms 2008-04-20 08:03:57 UTC

Created attachment 303041 [details]
2 of 3 avc's against pdftex

Comment 3 David Timms 2008-04-20 08:04:43 UTC

Created attachment 303042 [details]
3 of 3 avc's against tex

Comment 4 Daniel Walsh 2008-04-20 11:03:45 UTC

This is caused by texlive not fixing the labeling of this directory in its post
install.  It needs to run restorecon -R -v /var/lib/texmf.  If you run this
command you will fix the labeling.

Comment 5 Juha Tuomala 2008-04-30 19:42:14 UTC

 type=AVC msg=audit(1209562776.598:28): avc: denied { setattr } for pid=7428
comm="tmpwatch" name="dvips" dev=dm-2 ino=2965586
scontext=system_u:system_r:tmpreaper_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir 

type=AVC msg=audit(1209562776.598:29): avc: denied { setattr } for pid=7428
comm="tmpwatch" name="pdftex" dev=dm-2 ino=2965587
scontext=system_u:system_r:tmpreaper_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir 

confirmed

Comment 6 Jindrich Novy 2008-05-06 02:53:38 UTC

Should be fixed by #444922.

Note You need to log in before you can comment on or make changes to this bug.