Bug 459390 - "permission ioctl is not defined for class sock_file" when using nscd_socket_use macro
"permission ioctl is not defined for class sock_file" when using nscd_socket_...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2008-08-18 08:18 EDT by Aleksander Adamowski
Modified: 2009-01-20 16:30 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-20 16:30:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Aleksander Adamowski 2008-08-18 08:18:12 EDT
Description of problem:
When using the macro nscd_socket_use(DOMAIN) in custom modules, I no longer can compile them. I receive the following error:

ERROR 'permission ioctl is not defined for class sock_file' at token ';' on line 84001


ERROR 'permission lock is not defined for class sock_file' at token ';' on line 84001

In the sources I can see this macro (defined in policy/modules/services/nscd.if) has the following line:

allow $1 nscd_var_run_t:sock_file rw_file_perms;

It seems that now rw_file_perms cannot be applied to sock_file class. There's a separate permissions macro for that now: 

define(`rw_sock_file_perms',`{ getattr read write append }')

Version-Release number of selected component (if applicable):
Comment 1 Daniel Walsh 2008-08-20 06:59:37 EDT
This is already fixed in U3 policy.

You can get a preview in 

Comment 10 errata-xmlrpc 2009-01-20 16:30:25 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.