Bug 510855 - /usr/libexec/cpufreq-applet causes SELinux alerts
/usr/libexec/cpufreq-applet causes SELinux alerts
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: gnome-applets (Show other bugs)
11
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Ray Strode [halfline]
Fedora Extras Quality Assurance
:
: 509906 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-11 13:00 EDT by David Sommerseth
Modified: 2016-05-22 19:28 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-02-08 09:35:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Sommerseth 2009-07-11 13:00:28 EDT
Description of problem:
Whenever the CPU frequency or scheduling is changed via the cpufreq-applet in Gnome, a SELinux alert is registered.  Despite the SELinux alert says the access for the operation was denied, the CPU frequency is changed.

Version-Release number of selected component (if applicable):
gnome-applets-2.26.2-1.fc11.x86_64

How reproducible:
Every time a change is done via this applet.

Actual results:
--- SELinux alert ------------------------------------------------------------
* Summary
SELinux is preventing cpufreq-selecto (cpufreqselector_t) "read" security_t. 

* Detailed Description
SELinux denied access requested by cpufreq-selecto. It is not expected that this access is required by cpufreq-selecto and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 

Raw Audit Messages:

node=aurelius.mynet.net type=AVC msg=audit(1247330865.415:770): avc: denied { read } for pid=22424 comm="cpufreq-selecto" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:cpufreqselector_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file 

node=aurelius.mynet.net type=AVC msg=audit(1247330865.415:770): avc: denied { open } for pid=22424 comm="cpufreq-selecto" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:cpufreqselector_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file 

node=aurelius.mynet.net type=SYSCALL msg=audit(1247330865.415:770): arch=c000003e syscall=2 success=yes exit=3 a0=7fff578ad2c0 a1=0 a2=7fff578ad2cc a3=fffffff8 items=0 ppid=22423 pid=22424 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cpufreq-selecto" exe="/usr/bin/cpufreq-selector" subj=system_u:system_r:cpufreqselector_t:s0-s0:c0.c1023 key=(null) 
-------------------------------------------------------------------------------

Expected results:
No alerts.
Comment 1 Jarod Wilson 2009-07-11 15:23:44 EDT
Wrong component.
Comment 2 Daniel Walsh 2010-02-08 09:35:49 EST
yum update
Comment 3 Daniel Walsh 2010-02-08 09:36:23 EST
*** Bug 509906 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.