Bug 491462 - AVC denials when restarting mysqld, network (possibly more)
AVC denials when restarting mysqld, network (possibly more)
Status: CLOSED DUPLICATE of bug 484370
Product: Fedora
Classification: Fedora
Component: kdebase (Show other bugs)
10
All Linux
low Severity medium
: ---
: ---
Assigned To: Ngo Than
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-21 08:03 EDT by Viktor Erdelyi
Modified: 2009-04-13 15:12 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-13 15:12:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
alert 1 (5.58 KB, text/plain)
2009-03-21 08:03 EDT, Viktor Erdelyi
no flags Details
Alert 2 (5.59 KB, text/plain)
2009-03-21 08:04 EDT, Viktor Erdelyi
no flags Details
Alert 3 (5.64 KB, text/plain)
2009-03-21 08:04 EDT, Viktor Erdelyi
no flags Details
Alert 4 (2.83 KB, text/plain)
2009-03-21 08:04 EDT, Viktor Erdelyi
no flags Details
Alert 5 (2.27 KB, text/plain)
2009-03-21 08:05 EDT, Viktor Erdelyi
no flags Details
Mysqld alerts in one file (19.57 KB, text/plain)
2009-03-21 08:06 EDT, Viktor Erdelyi
no flags Details

  None (edit)
Description Viktor Erdelyi 2009-03-21 08:03:46 EDT
Created attachment 336151 [details]
alert 1

Description of problem:
I'm getting loads of AVC denials when I restart a service from a root prompt.

How reproducible:
always

Steps to Reproduce:
Restart a service (/etc/init.d/whatever restart)
Examples attached: mysqld, network
Reproducible with sshd too.
  
Version:
selinux-policy-3.5.13-48.fc10.noarch
Comment 1 Viktor Erdelyi 2009-03-21 08:04:17 EDT
Created attachment 336153 [details]
Alert 2
Comment 2 Viktor Erdelyi 2009-03-21 08:04:35 EDT
Created attachment 336154 [details]
Alert 3
Comment 3 Viktor Erdelyi 2009-03-21 08:04:57 EDT
Created attachment 336155 [details]
Alert 4
Comment 4 Viktor Erdelyi 2009-03-21 08:05:16 EDT
Created attachment 336156 [details]
Alert 5
Comment 5 Viktor Erdelyi 2009-03-21 08:06:32 EDT
Created attachment 336157 [details]
Mysqld alerts in one file
Comment 6 Miroslav Grepl 2009-03-23 08:50:14 EDT
It looks like that Alert 1,2,3 (partly mysqld alert) issues are caused by a leaked file descriptor in the console used to restart the daemon.

Are you using a Konsole terminal?


Alert 5 issue is a bug in kdebase.  The kdm login program thinks it's home dir is / so it is trying to create /.kde in the root directory.


Myslqd_safe_t issues are fixed in selinux-policy-3.5.13-51.fc10
Comment 7 Viktor Erdelyi 2009-03-23 09:34:51 EDT
Yes, I'm using Konsole. But if I use system-config-services to restart them, I don't get the AVCs.
Comment 8 Miroslav Grepl 2009-03-24 08:18:03 EDT
Ok, then it is caused by a leaked file descriptor in konsole/kdebase, which has been reported to them several times.

You can create a policy .te file like the following

cat > kdeleaks.te << __eof
policy_module(kdeleaks, 1.0)

require {
	type unconfined_t;
	attribute domain;
	class unix_stream_socket { read write };
}

#============= dhcpc_t ==============
dontaudit domain unconfined_t:unix_stream_socket { read write };

__eof
# make -f /usr/share/selinux/devel/Makefile
# semodule -i kdeleaks.pp
Comment 9 Rex Dieter 2009-04-13 15:12:35 EDT

*** This bug has been marked as a duplicate of bug 484370 ***

Note You need to log in before you can comment on or make changes to this bug.