460635 – audisp_t signals prelude_audisp_t

Bug 460635 - audisp_t signals prelude_audisp_t

Summary: audisp_t signals prelude_audisp_t

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-08-29 11:11 UTC by Dominick Grift
Modified:	2008-08-29 20:24 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-08-29 20:24:24 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dominick Grift 2008-08-29 11:11:06 UTC

Description of problem:
avc:  denied  { signal } for  pid=2075 comm="audispd" scontext=system_u:system_r
:audisp_t:s0 tcontext=system_u:system_r:prelude_audisp_t:s0 tclass=process

Version-Release number of selected component (if applicable):
selinux-policy-3.5.5-1.fc10.noarch

solution:

logging.te

optional_policy(` 
	prelude_signal_audisp(audisp_t)
')

Comment 1 Daniel Walsh 2008-08-29 18:24:21 UTC

`logging_audisp_system_domain' 

Has 

	allow $1 audisp_t:process signal;

But I think this should be

	allow audisp_t $1:process signal;

I am not sure if a subprocess should be sending signals to audisp other then sigchld?

Comment 2 Steve Grubb 2008-08-29 19:17:57 UTC

Wrt to audispd and its children, child to parent is only SIGCHLD, parent to child is SIGHUP, SIGTERM, and SIGKILL if they don't listen very well.

Comment 3 Daniel Walsh 2008-08-29 20:24:24 UTC

Thanks Steve, I will fix the policy.

selinux-policy-3.5.5-3.fc10

Note You need to log in before you can comment on or make changes to this bug.