Bug 462699 - avc: denied { read } for pid=2276 comm= while testing latest 5.3 tree
avc: denied { read } for pid=2276 comm= while testing latest 5.3 tree
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
5.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Daniel Walsh
Brock Organ
http://rhts.redhat.com/cgi-bin/rhts/t...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-18 08:58 EDT by Jeff Burke
Modified: 2008-10-02 10:16 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-02 10:16:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeff Burke 2008-09-18 08:58:29 EDT
Description of problem:

During the install of the latest nightly tree (RHEL5.3-Server-20080918.nightly)
the system gets several avc:denied messges

Version-Release number of selected component (if applicable):
RHEL5.3-Server-20080918.nightly

How reproducible:
Always (i386, x86_64, ia64)

Steps to Reproduce:
1. Try a nfs install from pxe with a ks.cfg file.

Actual results:

type=1400 audit(1221724280.939:4): avc:  denied  { read } for  pid=2276 comm="auditd" name="audispd" dev=dm-0 ino=7241856 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:audisp_exec_t:s0 tclass=file
type=1400 audit(1221724285.073:5): avc:  denied  { read } for  pid=2579 comm="cupsd" name="cups" dev=dm-0 ino=2457728 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=1400 audit(1221724285.092:6): avc:  denied  { read } for  pid=2579 comm="cupsd" name="tmp" dev=dm-0 ino=2457729 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir

Expected results:
We should not get avc messages after a normal install

Additional info:
Comment 1 Daniel Walsh 2008-09-18 16:18:15 EDT
Which selinux policy did you use?

Where was the tmp directory located?
Comment 2 Jeff Burke 2008-09-18 16:56:27 EDT
Which selinux policy did you use?
 The one that was in the RHEL5.3-Server-20080918.nightly tree
selinux-policy-2.4.6-154.el5.noarch.rpm
selinux-policy-mls-2.4.6-154.el5.noarch.rpm
selinux-policy-targeted-2.4.6-154.el5.noarch.rpm
selinux-policy-devel-2.4.6-154.el5.noarch.rpm
selinux-policy-strict-2.4.6-154.el5.noarch.rpm    


Where was the tmp directory located?
 I have no idea. This was an automated install. But I am assuming /tmp
Comment 4 Daniel Walsh 2008-09-18 17:10:07 EDT
 Thu Sep 11 2008 Dan Walsh <dwalsh@redhat.com>  2.4.6-155
- Complete backport of logging/audit policy
- Allow pegasus to look at kernel xen information
#Resolves: #440151
Resolves: #461624
Explains the first audisp one.  

158 is in policy now.

The cups one looks like a labeling problem.
Comment 5 Daniel Walsh 2008-09-18 17:14:11 EDT
# find /var/spool -name tmp
/var/spool/cups/tmp

In Fedora 9

/var/spool/cups(/.*)?		gen_context(system_u:object_r:print_spool_t,mls_systemhigh)

Says this should have been labeled print_spool_t

Does rpm know about this directory?
rpm -qf /var/spool/cups
Comment 7 Daniel Walsh 2008-10-01 07:34:36 EDT
I am not sure how this was mislabeled.  Could you check with the latest RHEL5 161 package whether this still happens?
Comment 8 Jeff Burke 2008-10-01 09:33:50 EDT
Dan,
   I don't see the message in last nights RHEL5.3 20080930.0 tree.
So that issue maybe gone. Or if there was some package interaction type issue
the offending package may not have been installed.
Comment 9 Daniel Walsh 2008-10-02 10:16:38 EDT
OK I will close this as worksforme, reopen if it happens again.

Note You need to log in before you can comment on or make changes to this bug.