First Last Prev Next    This bug is not in your last search results.
Bug 494685 - SELinux is preventing devkit-disks-he (devicekit_disk_t) "sys_rawio" devicekit_disk_t.
SELinux is preventing devkit-disks-he (devicekit_disk_t) "sys_rawio" deviceki...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-07 15:00 EDT by Tomasz Torcz
Modified: 2009-04-08 08:25 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-08 08:25:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Tomasz Torcz 2009-04-07 15:00:25 EDT 
dzichu@sandworm:~% LC_ALL=C sealert -l 7d16f68f-d833-4daa-99dc-ca4d715160d0

Summary:

SELinux is preventing devkit-disks-he (devicekit_disk_t) "sys_rawio"
devicekit_disk_t.

Detailed Description:

SELinux denied access requested by devkit-disks-he. It is not expected that this
access is required by devkit-disks-he and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Additional Information:

Source Context                system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023
Target Context                system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Source                        devkit-disks-he
Source Path                   /usr/libexec/devkit-disks-helper-ata-smart-collect
Source RPM Packages           DeviceKit-disks-004-0.4.20090406git.fc11
Policy RPM                    selinux-policy-3.6.10-9.fc11
Platform                      Linux sandworm.fordon.pl.eu.org
                              2.6.29.1-52.fc11.x86_64 #1 SMP Mon Apr 6 03:50:07
                              EDT 2009 x86_64 x86_64
Alert Count                   2

Raw Audit Messages            

node=sandworm.fordon.pl.eu.org type=AVC msg=audit(1239129426.103:30): avc:  denied  { sys_rawio } for  pid=5209 comm="devkit-disks-he" capability=17 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tclass=capability

node=sandworm.fordon.pl.eu.org type=SYSCALL msg=audit(1239129426.103:30): arch=c000003e syscall=16 success=yes exit=0 a0=3 a1=2285 a2=7fff2d07fab0 a3=3 items=0 ppid=4751 pid=5209 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-disks-he" exe="/usr/libexec/devkit-disks-helper-ata-smart-collect" subj=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 key=(null)
Comment 1 David Zeuthen 2009-04-07 15:15:08 EDT 
Please file SELinux policy bugs against selinux-policy, there's nothing I can do about them.
Comment 2 Daniel Walsh 2009-04-08 08:25:27 EDT 
Fixed in selinux-policy-3.6.12-1.fc11.noarch
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.