Bug 446840 - saslauthd needs access to /var/tmp/host_0
saslauthd needs access to /var/tmp/host_0
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Miroslav Grepl
Ben Levenson
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2008-05-16 08:12 EDT by Kostas Georgiou
Modified: 2009-06-15 14:10 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-06-15 14:10:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Kostas Georgiou 2008-05-16 08:12:37 EDT
Here is the avc:
type=AVC msg=audit(1210939235.962:45): avc:  denied  { getattr } for  pid=2428
comm="saslauthd" path="/var/tmp/host_0" dev=dm-3 ino=131097
tcontext=system_u:object_r:krb5_host_rcache_t:s0 tclass=file
Comment 1 Kostas Georgiou 2008-05-16 08:37:42 EDT

require {
  type saslauthd_t;


The above fixes all problems
Comment 2 Daniel Walsh 2008-05-16 14:43:27 EDT
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-52.fc9
Comment 3 Daniel Walsh 2008-11-17 17:03:57 EST
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.
Comment 4 Charles Lopes 2009-03-10 10:17:33 EDT
This is still not fixed under Fedora 10 as of version 3.5.13-47.fc10. Can this be reopened please?
Comment 5 Daniel Walsh 2009-03-10 11:53:11 EDT
Miroslav please add

Comment 6 Miroslav Grepl 2009-03-10 12:02:01 EDT
OK, I will add it.
Comment 7 Miroslav Grepl 2009-03-16 13:41:38 EDT
Fixed in selinux-policy-3.5.13-49.fc10
Comment 8 Charles Lopes 2009-06-15 11:44:26 EDT
I can confirm that it is fixed with the latest selinux-policy packaged (checked version 3.5.13-61). It seems OK to close now.

Note You need to log in before you can comment on or make changes to this bug.