Bug 483567 - NOCpulse::SetID stats /root/bin, also stats ROOT:/usr/local/sbin and ROOT:/sbin
NOCpulse::SetID stats /root/bin, also stats ROOT:/usr/local/sbin and ROOT:/sbin
Product: Spacewalk
Classification: Community
Component: Server (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Suchý
Red Hat Satellite QA List
Depends On:
Blocks: space05
  Show dependency treegraph
Reported: 2009-02-02 08:53 EST by Jan Pazdziora
Modified: 2009-09-17 03:09 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-17 03:09:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Pazdziora 2009-02-02 08:53:35 EST
Description of problem:

When monitoring scout is enabled in Spacewalk WebUI, the following AVC denial is logged:

avc:  denied  { search } for  pid=25506 comm="gogo.pl" name="root" dev=dm-0 ino=2450401 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir

So something tries to search /root.

By stracing Tomcat and its children, I came to suspect code in


which does

sub path {
  my $self = shift;
  my @path;
  my @candidates = (join('/', $self->env('HOME'), 'bin'), @BASEPATH);

  foreach my $dir (@candidates) {
    next if (/^ROOT:/ and $self->euid != 0 and $self->ruid != 0);
    push(@path, $dir) if (-d $dir);

  return join(":", @path);

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Enable monitoring, enable monitoring scout.
2. See /var/log/audit/autid.log.
Actual results:

The denial above.

Expected results:

No denial. And no statting "ROOT:..." paths in strace.

Additional info:
Comment 1 Miroslav Suchý 2009-02-18 09:01:48 EST
Fixed in:
Comment 2 Jesus M. Rodriguez 2009-02-24 16:31:19 EST
moving back to space05
Comment 3 Jesus M. Rodriguez 2009-04-14 10:12:39 EDT
Spacewalk 0.5 released.
Comment 4 Miroslav Suchý 2009-09-17 03:09:52 EDT
Spacewalk 0.5 has been released for long time ago.

Note You need to log in before you can comment on or make changes to this bug.