Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 450117 - Kernel failed to return fully qualified path for AVC denial
Summary: Kernel failed to return fully qualified path for AVC denial
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 9
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: John Dennis
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-05 14:08 UTC by Casey Dahlin
Modified: 2014-06-18 08:46 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-06-05 17:39:13 UTC
Type: ---

Attachments (Terms of Use)
AVC denial with unclear path (2.68 KB, text/plain)
2008-06-05 14:08 UTC, Casey Dahlin 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

Description Casey Dahlin 2008-06-05 14:08:39 UTC 
I got an AVC denial due to a mislabeled file, and the denial said NetworkManager
had attempted to run "./nscd" whereas it would be expected that a full path
would be provided.

The setroubleshoot report is attached
Comment 1 Casey Dahlin 2008-06-05 14:08:39 UTC 
Created attachment 308441 [details]
AVC denial with unclear path
Comment 2 Dave Jones 2008-06-05 14:16:12 UTC 
we normally print the path, which leads me to believe that nm isn't passing
anything other than ./

Should we perhaps print cwd if the path begins with ./ ?  Hmm.
Comment 3 Eric Paris 2008-06-05 14:29:14 UTC 
I'm pretty sure the "./" is just some crap that setroubleshoot added for no
apparent reason.  Its not in the audit records.  SELinux will only print the
full paths if it is available for free.  If you want full paths you need to load
an audit syscall.  I suggest in /etc/audit/audit.rules:

auditctl -a exit,always -S kill -F pid=1

I think this should be moved to and setroubleshoot bug so it will stop saying ./
but the fact you don't get a full path is NOTABUG
Comment 4 Daniel Walsh 2008-06-05 17:39:13 UTC 
So we came to the conclusion in the Chat room that you need to take the
performance hit if you want to always get the data.
Note You need to log in before you can comment on or make changes to this bug.