Bug 450117 - Kernel failed to return fully qualified path for AVC denial
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 9
Hardware: All Linux
Priority: low, Severity: low
Assigned To: John Dennis
QA Contact: Fedora Extras Quality Assurance

Reported: 2008-06-05 10:08 EDT by Casey Dahlin
Modified: 2014-06-18 04:46 EDT

Doc Type: Bug Fix
Last Closed: 2008-06-05 13:39:13 EDT


Attachments:
AVC denial with unclear path (2.68 KB, text/plain), 2008-06-05 10:08 EDT, Casey Dahlin

Description Casey Dahlin 2008-06-05 10:08:39 EDT
I got an AVC denial due to a mislabeled file, and the denial said NetworkManager
had attempted to run "./nscd" whereas it would be expected that a full path
would be provided.

The setroubleshoot report is attached.
Comment 1 Casey Dahlin 2008-06-05 10:08:39 EDT
Created attachment 308441
AVC denial with unclear path
Comment 2 Dave Jones 2008-06-05 10:16:12 EDT
We normally print the path, which leads me to believe that nm isn't passing
anything other than ./

Should we perhaps print cwd if the path begins with ./ ?  Hmm.
Comment 3 Eric Paris 2008-06-05 10:29:14 EDT
I'm pretty sure the "./" is just some crap that setroubleshoot added for no
apparent reason.  It's not in the audit records.  SELinux will only print the
full paths if they are available for free.  If you want full paths you need to load
an audit syscall.  I suggest in /etc/audit/audit.rules:

auditctl -a exit,always -S kill -F pid=1

I think this should be moved to a setroubleshoot bug so it will stop saying ./
but the fact you don't get a full path is NOTABUG.
Comment 4 Daniel Walsh 2008-06-05 13:39:13 EDT
So we came to the conclusion in the Chat room that you need to take the
performance hit if you want to always get the data.
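
As an added illustration of Comment 3 (not code from this bug or from setroubleshoot): once a syscall audit rule is loaded, the AVC record shares its audit serial number with CWD and PATH records, and the full path can be rebuilt from them. The log lines, paths and inode numbers below are constructed, and `parse_events` and `denied_paths` are hypothetical helper names.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample records, not taken from the bug's attachment. Event 41 was
# logged with no syscall rule loaded, so only the AVC record exists. Event 42 was
# logged with one loaded: SYSCALL, CWD and PATH records share its serial number.
SAMPLE_LOG = """\
type=AVC msg=audit(1212674900.101:41): avc:  denied  { execute } for  pid=2345 comm="NetworkManager" name="nscd" dev=dm-0 ino=98765 tclass=file
type=AVC msg=audit(1212674919.123:42): avc:  denied  { execute } for  pid=2345 comm="NetworkManager" name="nscd" dev=dm-0 ino=98765 tclass=file
type=SYSCALL msg=audit(1212674919.123:42): arch=40000003 syscall=11 success=no exit=-13 pid=2345 comm="NetworkManager"
type=CWD msg=audit(1212674919.123:42):  cwd="/usr/sbin"
type=PATH msg=audit(1212674919.123:42): item=0 name="nscd" inode=98765 dev=fd:00
"""

RECORD = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(log):
    """Group records by audit serial number: {serial: {type: [field dicts]}}."""
    events = defaultdict(lambda: defaultdict(list))
    for line in log.splitlines():
        m = RECORD.match(line)
        if m:
            rtype, serial, body = m.groups()
            fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
            events[int(serial)][rtype].append(fields)
    return events


def denied_paths(log):
    """Return {serial: (path, fully_qualified)} for every event with an AVC record."""
    result = {}
    for serial, recs in parse_events(log).items():
        if "AVC" not in recs:
            continue
        avc = recs["AVC"][0]
        # Pick the PATH record for the denied object by matching inode numbers.
        path = next((p.get("name") for p in recs["PATH"] if p.get("inode") == avc.get("ino")), None)
        if path is None:
            # No PATH record: the AVC alone carries only the last path component.
            result[serial] = (avc.get("name"), False)
            continue
        if not path.startswith("/") and recs["CWD"]:
            path = posixpath.normpath(posixpath.join(recs["CWD"][0]["cwd"], path))
        result[serial] = (path, path.startswith("/"))
    return result
```
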
