Bug 541610 - AVC denial messages on multipathd tests
AVC denial messages on multipathd tests
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.4
All Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Walsh
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-11-26 08:34 EST by michal novacek
Modified: 2010-10-22 15:23 EDT (History)
16 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-22 15:23:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test log, avc denial in rhts (101 bytes, text/plain)
2009-11-26 08:34 EST, michal novacek
no flags Details
correct link to test log (102 bytes, text/plain)
2009-11-26 08:36 EST, michal novacek
no flags Details
new link to beaker job, rhts link stoped working (111 bytes, text/plain)
2010-09-10 05:00 EDT, michal novacek
no flags Details

  None (edit)
Description michal novacek 2009-11-26 08:34:21 EST
Created attachment 373997 [details]
test log, avc denial in rhts

Description of problem:
On running tests in rhts with iscsid/multipathd I have a lot of avc denial
messages from "pam_console_apply". I'm loging this as followup to bz530972.

Version-Release number of selected component (if applicable):
RHEL5-Server-U4
device-mapper-multipath-0.4.7-30.el5_4.4.x86_64.rpm
selinux-policy-2.4.6-255.el5

How reproducible: always

Steps to Reproduce:
1. run /kernel/storage/device-mapper/multipath rhts test

Actual results: AVC denial messages

Expected results: clear blue sky

Additional info:
all denial messages looks like this: 
time->Fri Oct 23 15:02:52 2009
type=SYSCALL msg=audit(1256324572.395:12): arch=40000003 syscall=5 success=no
exit=-13 a0=bfe664b0 a1=18800 a2=3f4ff4 a3=0 items=0 ppid=11767 pid=11776
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="pam_console_app" exe="/sbin/pam_console_apply"
subj=system_u:system_r:pam_console_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1256324572.395:12): avc:  denied  { read } for  pid=11776
comm="pam_console_app" name="/" dev=dm-4 ino=2
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir
----
Comment 1 michal novacek 2009-11-26 08:36:59 EST
Created attachment 373998 [details]
correct link to test log

The previous link is not correct.
Comment 3 michal novacek 2010-09-10 05:00:07 EDT
Created attachment 446462 [details]
new link to beaker job, rhts link stoped working

Added link to beaker job log as the problem persists.
Comment 5 Zdenek Kabelac 2010-10-22 05:44:18 EDT
Forwarding this bugzilla to selinux team
Comment 6 Daniel Walsh 2010-10-22 10:28:09 EDT
file_t means you created a file system without putting labels on it.  Does you test create a file system?
Comment 7 Zdenek Kabelac 2010-10-22 10:38:24 EDT
Unsure who could answer on this BZ - I think the original reporter is no longer working for RH - so if this is not a bug on Selinux side - I think it could be safely closed.

Note You need to log in before you can comment on or make changes to this bug.