Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 483567

Summary: NOCpulse::SetID stats /root/bin, also stats ROOT:/usr/local/sbin and ROOT:/sbin
Product: [Community] Spacewalk Reporter: Jan Pazdziora (Red Hat) <jpazdziora>
Component: ServerAssignee: Miroslav Suchý <msuchy>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: low    
Version: 0.4CC: jesusr
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-17 07:09:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 456553    

Description Jan Pazdziora (Red Hat) 2009-02-02 13:53:35 UTC 
Description of problem:

When monitoring scout is enabled in Spacewalk WebUI, the following AVC denial is logged:

avc:  denied  { search } for  pid=25506 comm="gogo.pl" name="root" dev=dm-0 ino=2450401 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir

So something tries to search /root.

By stracing Tomcat and its children, I came to suspect code in

  monitoring/PerlModules/NP/SetID/SetID.pm

which does

##########
sub path {
##########
  my $self = shift;
  my @path;
  my @candidates = (join('/', $self->env('HOME'), 'bin'), @BASEPATH);

  foreach my $dir (@candidates) {
    next if (/^ROOT:/ and $self->euid != 0 and $self->ruid != 0);
    s/^ROOT://;
    push(@path, $dir) if (-d $dir);
  }

  return join(":", @path);
}

Version-Release number of selected component (if applicable):

perl-NOCpulse-SetID-1.6.8-1.el5

How reproducible:

Deterministic.

Steps to Reproduce:
1. Enable monitoring, enable monitoring scout.
2. See /var/log/audit/autid.log.
  
Actual results:

The denial above.

Expected results:

No denial. And no statting "ROOT:..." paths in strace.

Additional info:
Comment 1 Miroslav Suchý 2009-02-18 14:01:48 UTC 
Fixed in:
ae7dd13ad1d27bbf06de2c14bd87072021cd9742
d6f1782b00ceb40dee771db565ecd0ff595bb7fb
Package:
perl-NOCpulse-SetID-1.6.11-1
Comment 2 Jesus M. Rodriguez 2009-02-24 21:31:19 UTC 
moving back to space05
Comment 3 Jesus M. Rodriguez 2009-04-14 14:12:39 UTC 
Spacewalk 0.5 released.
Comment 4 Miroslav Suchý 2009-09-17 07:09:52 UTC 
Spacewalk 0.5 has been released for long time ago.