Bug 475224 - grepping socket produces "kernel: SELinux: WARNING: inside open_file_to_av with unknown mode:140XXX" messages
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Eric Paris
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened

Reported: 2008-12-08 10:32 EST by Tom London
Modified: 2009-03-06 08:30 EST
Doc Type: Bug Fix
Last Closed: 2009-03-06 08:30:48 EST
Description Tom London 2008-12-08 10:32:11 EST
Description of problem:
With kernel-2.6.28-0.114.rc7.git5.fc11.x86_64, running grep against (some?) sockets produces spew like the following:

Dec  8 07:23:08 tlondon kernel: SELinux: WARNING: inside open_file_to_av with unknown mode:140640
Dec  8 07:23:08 tlondon kernel: SELinux: WARNING: inside open_file_to_av with unknown mode:140666
Dec  8 07:23:08 tlondon kernel: SELinux: WARNING: inside open_file_to_av with unknown mode:140666

The above was produced by "cd /etc/httpd/run; grep dnsmasq *"; grep reports:
[root@tlondon run]# grep dnsmasq *
grep: audispd_events: No such device or address
grep: rpcbind.sock: No such device or address
grep: sdp: No such device or address
[root@tlondon run]#

Version-Release number of selected component (if applicable):
kernel-2.6.28-0.114.rc7.git5.fc11.x86_64

selinux-policy-targeted-3.6.1-6.fc11.noarch
selinux-policy-3.6.1-6.fc11.noarch

How reproducible:
Every time

Comment 1 Eric Paris 2008-12-09 16:28:02 EST
this message should be completely harmless (outside of performance/serial spam/overhead/blah/blah/blah).  Do you have avc denials?

davej checked in the fix already:

* Fri Dec 05 2008 Dave Jones <davej@redhat.com>
- SELinux: check open perms in dentry_open not inode_permission

so it should be fixed on any F11 2.6.28-rc7-git5 or later kernel....
Comment 2 Eric Paris 2008-12-09 16:38:24 EST
ugggh, you have the patch, I might see what's going on, but still, those messages are "harmless"....
Comment 3 Eric Paris 2008-12-09 16:44:44 EST
S_IFSOCK == 0140000 for anyone who is playing along at home

/me did not realize it was possible to "open" a socket in this manner.
Comment 4 Tom London 2008-12-09 17:15:40 EST
Yeah, harmless.  Just spew.

No AVCs.....
Comment 6 Chuck Ebbert 2009-03-02 21:48:16 EST
commit 8b6a5a37f87a414ef8636e36ec75accb27bb7508 upstream
Comment 7 Eric Paris 2009-03-02 22:54:18 EST
I'm slack and still haven't fixed it....

[root@localhost ~]# grep hello /var/run/acpid.socket 
grep: /var/run/acpid.socket: No such device or address
[root@localhost ~]# dmesg -c
SELinux: WARNING: inside open_file_to_av with unknown mode:140666

I'll do it tomorrow, I don't remember why my patch wasn't accepted...
Comment 8 Eric Paris 2009-03-05 13:55:22 EST
patch sent to selinux list
