Bug 447971 - SELinux is preventing polkit-read-aut (polkit_auth_t) "getattr" to / (fs_t).
Summary: SELinux is preventing polkit-read-aut (polkit_auth_t) "getattr" to / (fs_t).
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 9
Hardware: x86_64
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-22 18:02 UTC by David Florence
Modified: 2008-11-17 22:04 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-11-17 22:04:05 UTC


Attachments (Terms of Use)

Description David Florence 2008-05-22 18:02:57 UTC
Description of problem:
SELinux denied access requested by polkit-read-aut. It is not expected that this
access is required by polkit-read-aut and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access. 

Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-51.fc9

How reproducible:
not sure

Steps to Reproduce:
1.unknown
2.
3.
  
Actual results:
n/a

Expected results:
n/a

Additional info:
You can generate a local policy module to allow this access - see FAQ Or you can
disable SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a bug report against this package.

Raw Audit Messages :host=localhost.localdomain type=AVC
msg=audit(1211478397.429:13): avc: denied { getattr } for pid=3012
comm="polkit-read-aut" name="/" dev=sda3 ino=2
scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:fs_t:s0
tclass=filesystem

Comment 1 Daniel Walsh 2008-05-23 19:28:06 UTC
You can probably ignore this for now.

Fixed in selinux-policy-3.3.1-56.fc9.noarch

Comment 2 Daniel Walsh 2008-11-17 22:04:05 UTC
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.


Note You need to log in before you can comment on or make changes to this bug.