Bug 450023 - selinux denies itself
Summary: selinux denies itself
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: athlon
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-04 19:56 UTC by Gene Heskett
Modified: 2008-11-17 22:04 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-11-17 22:04:25 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Gene Heskett 2008-06-04 19:56:56 UTC
Description of problem:

Installing todays updates.  Fedora 8 system on i686 box.

New versions of selinux drove semanager wild, 32 denials shown by
selinuxtroubleshooter


Version-Release number of selected component (if applicable):

See below, snipped from the troubleshooters screen.


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info: from setroubleshooter's screen:
Source Context:  system_u:system_r:semanage_t:s0Target Context: 
system_u:system_r:semanage_t:s0Target Objects:  None [ capability ]Source: 
semanageSource Path:  /usr/bin/pythonPort:  <Unknown>Host: 
coyote.coyote.denSource RPM Packages:  python-2.5.1-15.fc8Target RPM Packages: 
Policy RPM:  selinux-policy-3.0.8-109.fc8Selinux Enabled:  TruePolicy Type: 
targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  catchallHost
Name:  coyote.coyote.denPlatform:  Linux coyote.coyote.den 2.6.26-rc4 #1 PREEMPT
Mon May 26 16:26:36 EDT 2008 i686 athlonAlert Count:  35First Seen:  Thu 03 Apr
2008 07:25:10 PM EDTLast Seen:  Wed 04 Jun 2008 03:41:09 PM EDTLocal ID: 
392eafd9-66b9-48a6-8522-1660a81ce85e
Line Numbers:  Raw Audit Messages :host=coyote.coyote.den type=AVC
msg=audit(1212608469.430:3233): avc: denied { sys_tty_config } for pid=29804
comm="semanage" capability=26 scontext=system_u:system_r:semanage_t:s0
tcontext=system_u:system_r:semanage_t:s0 tclass=capability
host=coyote.coyote.den type=SYSCALL msg=audit(1212608469.430:3233):
arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bf86d45c a3=bf86d57c
items=0 ppid=29800 pid=29804 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=2 comm="semanage" exe="/usr/bin/python"
subj=system_u:system_r:semanage_t:s0 key=(null)

So I don't know if selinux is working after the upgrade or not.  In any event, I
am well protected by the router from outside attacks.

Comment 1 Daniel Walsh 2008-07-02 18:56:07 UTC
You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-75.fc9.noarch

Comment 2 Daniel Walsh 2008-11-17 22:04:25 UTC
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.


Note You need to log in before you can comment on or make changes to this bug.