Bug 467369 - avc: denied { getattr } for comm="audispd" path="/sbin/audispd-zos-remote"
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
All Linux
medium Severity medium
: beta
Assigned To: Daniel Walsh
Alexander Todorov
Reported: 2008-10-17 02:55 EDT by Alexander Todorov
Modified: 2014-03-29 15:59 EDT
Doc Type: Bug Fix
Last Closed: 2009-01-20 16:31:11 EST
Description Alexander Todorov 2008-10-17 02:55:21 EDT
Description of problem:
During upgrade with yum from RHEL5.2-Server to RHEL5.3-Server-20081006.0 there's a SELinux denial.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install RHEL5.2-Server, @everything
2. configure yum repos for latest release
3. do yum update
Actual results:
SELinux denial

Expected results:
No SELinux denial

Additional info:
audit(1223991963.240:147): avc:  denied  { getattr } for  pid=9921 comm="audispd" path="/sbin/audispd-zos-remote" dev=dm-0 ino=30572858 scontext=system_u:system_r:audisp_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file

after install:
-rwxr-x---  root root system_u:object_r:sbin_t         /sbin/audispd
-rwxr-x---  root root system_u:object_r:sbin_t         /sbin/audispd-zos-remote

after upgrade:
-rwxr-x---  root root system_u:object_r:audisp_exec_t  /sbin/audispd
-rwxr-x---  root root system_u:object_r:sbin_t         /sbin/audispd-zos-remote
Comment 3 Daniel Walsh 2008-10-17 08:41:58 EDT
The audit package ships with policy for audispd-zos-remote; it does not seem to be being applied. We can replace this with policy provided from the selinux-policy package, as we are now doing in Rawhide.
Comment 4 Daniel Walsh 2008-10-17 16:19:41 EDT
-rwxr-x---  root root system_u:object_r:sbin_t         /sbin/audisp-remote
This is labeled incorrectly. If you run restorecon -v /sbin/audisp-remote, what happens?
Comment 5 Steve Grubb 2008-10-17 16:26:13 EDT
We should take selinux policy out of the audit package and put it in the selinux-policy package. We'll need both audit and selinux-policy errata put in need respin to fix.
Comment 6 Alexander Todorov 2008-10-20 03:33:22 EDT
after restorecon for /sbin/audispd-zos-remote and /sbin/audisp-remote the context is:

-rwxr-x---  root root system_u:object_r:audisp_exec_t  /sbin/audispd
-rwxr-x---  root root system_u:object_r:sbin_t         /sbin/audispd-zos-remote
-rwxr-x---  root root system_u:object_r:audisp_remote_exec_t /sbin/audisp-remote

Only audisp-remote was changed, and I still have a denial for audispd-zos-remote.
Comment 7 Daniel Walsh 2008-10-20 13:33:32 EDT
Fixed in selinux-policy-2.4.6-169.el5
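
The triage that comments 4 through 7 walk through can be scripted. The following is an added example, not code from this bug report or from the selinux-policy project; the function names are hypothetical and the sample records are constructed from the lines quoted above. It checks whether the denied target still carries the denied type after restorecon, which points at the policy's file-context rules rather than at a stale on-disk label.

```python
import re

# Constructed from the records quoted in this bug report (AVC line from the
# description, `ls -Z` lines from comment 6).
AVC = ('audit(1223991963.240:147): avc:  denied  { getattr } for  pid=9921 '
       'comm="audispd" path="/sbin/audispd-zos-remote" dev=dm-0 ino=30572858 '
       'scontext=system_u:system_r:audisp_t:s0 '
       'tcontext=system_u:object_r:sbin_t:s0 tclass=file')
LS_Z_AFTER_RESTORECON = """\
-rwxr-x---  root root system_u:object_r:audisp_exec_t  /sbin/audispd
-rwxr-x---  root root system_u:object_r:sbin_t         /sbin/audispd-zos-remote
-rwxr-x---  root root system_u:object_r:audisp_remote_exec_t /sbin/audisp-remote
"""

def parse_avc(line):
    """Return perms, path, source type, target type and class of one AVC record."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if not m:
        raise ValueError("not an AVC denial")
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    ctx_type = lambda ctx: ctx.split(":")[2]    # user:role:type[:level]
    return {"perms": m.group(1).split(),
            "path": fields["path"].strip('"'),
            "source_type": ctx_type(fields["scontext"]),
            "target_type": ctx_type(fields["tcontext"]),
            "tclass": fields["tclass"]}

def parse_ls_z(text):
    """Map path -> SELinux type from RHEL 5 style `ls -Z` output."""
    labels = {}
    for row in text.splitlines():
        cols = row.split()
        if len(cols) == 5:                      # mode user group context path
            labels[cols[4]] = cols[3].split(":")[2]
    return labels

def triage(avc_line, ls_z_text):
    """Classify the denial target using the labels seen after restorecon."""
    avc = parse_avc(avc_line)
    on_disk = parse_ls_z(ls_z_text).get(avc["path"])
    if on_disk is None:
        return "unknown: path not in listing"
    if on_disk == avc["target_type"]:
        # restorecon left the denied type in place, so the loaded file-context
        # rules assign it: the fix belongs in policy, not in a relabel.
        return "policy: restorecon kept %s on %s" % (on_disk, avc["path"])
    return "stale label: now %s, denial saw %s" % (on_disk, avc["target_type"])
```
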
Comment 12 errata-xmlrpc 2009-01-20 16:31:11 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

