Bug 505275 - AVC fail when running botan testsuite
AVC fail when running botan testsuite
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
All Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2009-06-11 06:07 EDT by Michal Nowak
Modified: 2013-03-07 21:06 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-06-25 07:37:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michal Nowak 2009-06-11 06:07:23 EDT
Description of problem:

See $(URL) for the complete log from testcase /tools/gcc/performance/botan


time->Wed Jun 10 11:11:42 2009
type=SYSCALL msg=audit(1244646702.869:8): arch=40000003 syscall=5 success=no exit=-13 a0=bfbb52b0 a1=0 a2=0 a3=2 items=0 ppid=10057 pid=10063 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ifconfig" exe="/sbin/ifconfig" subj=system_u:system_r:ifconfig_t:s0 key=(null)
type=AVC msg=audit(1244646702.869:8): avc:  denied  { dac_read_search } for  pid=10063 comm="ifconfig" capability=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability
type=AVC msg=audit(1244646702.869:8): avc:  denied  { dac_override } for  pid=10063 comm="ifconfig" capability=1 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability

Version-Release number of selected component (if applicable):


tree: RHEL5.4-Server-20090608.0
job: https://rhts.redhat.com/cgi-bin/rhts/jobs.cgi?id=64353

How reproducible:

Comment 1 Daniel Walsh 2009-06-11 17:53:39 EDT
This looks like you have some ownership problem in your test.  Are all the files running owned by root?  Is ifconfig running from a directory not owned by root.

dac_overrdie and dac_read_search, means ifconfig is trying to do something that needs it to override the owner or permissions of a file because they root does not have the ability to use the file.
Comment 2 Michal Nowak 2009-06-12 09:27:07 EDT
I can see there's reference in the code to `ifconfig`

sources/Botan-1.6.5/modules/es_unix/unix_src.cpp:   srcs.push_back(Unix_Program("ifconfig -a",           2));

and yes, there are some weird ownership set to bogus value: "1000:1000". I'll do some changes in the test itself and see whether the AVC disappears or not.
Comment 3 Michal Nowak 2009-06-25 07:37:00 EDT
Made changes to botan test, so AVC is calmed down.

Note You need to log in before you can comment on or make changes to this bug.