Bug 450023 - selinux denies itself
selinux denies itself
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
8
athlon Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-04 15:56 EDT by Gene Heskett
Modified: 2008-11-17 17:04 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-17 17:04:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Gene Heskett 2008-06-04 15:56:56 EDT
Description of problem:

Installing todays updates.  Fedora 8 system on i686 box.

New versions of selinux drove semanager wild, 32 denials shown by
selinuxtroubleshooter


Version-Release number of selected component (if applicable):

See below, snipped from the troubleshooters screen.


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info: from setroubleshooter's screen:
Source Context:  system_u:system_r:semanage_t:s0Target Context: 
system_u:system_r:semanage_t:s0Target Objects:  None [ capability ]Source: 
semanageSource Path:  /usr/bin/pythonPort:  <Unknown>Host: 
coyote.coyote.denSource RPM Packages:  python-2.5.1-15.fc8Target RPM Packages: 
Policy RPM:  selinux-policy-3.0.8-109.fc8Selinux Enabled:  TruePolicy Type: 
targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  catchallHost
Name:  coyote.coyote.denPlatform:  Linux coyote.coyote.den 2.6.26-rc4 #1 PREEMPT
Mon May 26 16:26:36 EDT 2008 i686 athlonAlert Count:  35First Seen:  Thu 03 Apr
2008 07:25:10 PM EDTLast Seen:  Wed 04 Jun 2008 03:41:09 PM EDTLocal ID: 
392eafd9-66b9-48a6-8522-1660a81ce85e
Line Numbers:  Raw Audit Messages :host=coyote.coyote.den type=AVC
msg=audit(1212608469.430:3233): avc: denied { sys_tty_config } for pid=29804
comm="semanage" capability=26 scontext=system_u:system_r:semanage_t:s0
tcontext=system_u:system_r:semanage_t:s0 tclass=capability
host=coyote.coyote.den type=SYSCALL msg=audit(1212608469.430:3233):
arch=40000003 syscall=54 success=yes exit=0 a0=1 a1=5401 a2=bf86d45c a3=bf86d57c
items=0 ppid=29800 pid=29804 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=2 comm="semanage" exe="/usr/bin/python"
subj=system_u:system_r:semanage_t:s0 key=(null)

So I don't know if selinux is working after the upgrade or not.  In any event, I
am well protected by the router from outside attacks.
Comment 1 Daniel Walsh 2008-07-02 14:56:07 EDT
You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-75.fc9.noarch
Comment 2 Daniel Walsh 2008-11-17 17:04:25 EST
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.

Note You need to log in before you can comment on or make changes to this bug.