First Last Prev Next    This bug is not in your last search results.
Bug 491613 - SELinux is preventing devkit-power-da (devicekit_power_t) "sys_nice" devicekit_power_t.
SELinux is preventing devkit-power-da (devicekit_power_t) "sys_nice" deviceki...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-23 06:47 EDT by Björn Seifert
Modified: 2009-03-23 13:05 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-23 13:05:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Björn Seifert 2009-03-23 06:47:02 EDT 
Description of problem:
SELinux denied access requested by devkit-power-da. It is not expected that this access is required by devkit-power-da and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Source Context                system_u:system_r:devicekit_power_t:s0-s0:c0.c1023
Target Context                system_u:system_r:devicekit_power_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Source                        devkit-power-da
Source Path                   /usr/libexec/devkit-power-daemon
Port                          <Unknown>
Host                          eeepc
Source RPM Packages           DeviceKit-power-006-3.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.8-3.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     eeepc
Platform                      Linux eeepc 2.6.29-0.258.rc8.git2.fc11.i586 #1 SMP
                              Mon Mar 16 20:53:59 EDT 2009 i686 i686
Alert Count                   1
First Seen                    Mon 23 Mar 2009 10:40:24 AM CET
Last Seen                     Mon 23 Mar 2009 10:40:24 AM CET
Local ID                      83f0c517-3c11-4a5f-818f-366b9cce2008
Line Numbers                  

Raw Audit Messages            

node=eeepc type=AVC msg=audit(1237801224.9:23): avc:  denied  { sys_nice } for  pid=2680 comm="devkit-power-da" capability=23 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tclass=capability

node=eeepc type=SYSCALL msg=audit(1237801224.9:23): arch=40000003 syscall=3 success=yes exit=211 a0=9 a1=bff73c3c a2=1000 a3=9624b88 items=0 ppid=1 pid=2680 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-power-da" exe="/usr/libexec/devkit-power-daemon" subj=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 key=(null)
Comment 1 Daniel Walsh 2009-03-23 13:05:35 EDT 
You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.