Bug 455469 - AVC denial when firstaidkit changes /var/log/firstaidkit.log after changing root passwd
Summary: AVC denial when firstaidkit changes /var/log/firstaidkit.log after changing r...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-15 17:19 UTC by Joel Andres Granados
Modified: 2008-07-15 18:10 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-07-15 18:10:39 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
the audit log (1.04 KB, text/plain)
2008-07-15 17:20 UTC, Joel Andres Granados
no flags Details

Description Joel Andres Granados 2008-07-15 17:19:42 UTC
Description of problem:
We have firstaidkit, (python script) that has a plugin called passwd which
serves the purpose of changing the root passwd. additionally firstaidkit logs to
/var/log/firstaidkit.log When I run any other plugin the log file is quite ok
and there are no problems but when I run passwd, it creates an SElinux denial :(
 I'm pretty sure that its at the moment when the passwd gets changed.


How reproducible:
always.  only with that plugin.  Other plugins log to that file with no problem

Steps to Reproduce:
1. yum install firstaidkit-plugin-passwd -y
2. firstaidkit -f passwd resetRoot
3. This should produce the AVC denial seen in /var/log/messages or
/var/log/audit/audit.log
  
Actual results:
AVC denial

Expected results:
For SElinux to let Firstaidkti change the root passwd.

Additional info:
I will attach the /var/log/audit/audit.log log.  I executed firstaidkit with an
empty log.

Comment 1 Joel Andres Granados 2008-07-15 17:20:10 UTC
Created attachment 311855 [details]
the audit log

Comment 2 Daniel Walsh 2008-07-15 18:10:39 UTC
Fixed in selinux-policy-3.4.2-14.fc10.noarch


Note You need to log in before you can comment on or make changes to this bug.