559221 – SELinux is preventing /bin/hostname access to a leaked /var/run/zabbix/zabbix_agentd.pid file descriptor.

Bug 559221 - SELinux is preventing /bin/hostname access to a leaked /var/run/zabbix/zabbix_agentd.pid file descriptor.

Summary: SELinux is preventing /bin/hostname access to a leaked /var/run/zabbix/zabbix...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	zabbix
Sub Component:
Version:	12
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Dan Horák
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://support.zabbix.com/browse/ZBX...
Whiteboard:	setroubleshoot_trace_hash:2b29ceecd21...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-01-27 13:42 UTC by RJ
Modified:	2010-02-18 22:39 UTC (History)
CC List:	5 users (show)
Fixed In Version:	zabbix-1.6.8-2.fc11
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-02-18 22:20:21 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description RJ 2010-01-27 13:42:14 UTC

Hash String generated from  selinux-policy-3.6.32-69.fc12,leaks,hostname,hostname_t,zabbix_var_run_t,file,write
audit2allow suggests:

Comment 1 Daniel Walsh 2010-01-27 16:34:06 UTC

Zabbix needs to close on exec all file descriptors

fcntl(fd, F_SETFD, FD_CLOEXEC)

Comment 2 Dan Horák 2010-02-01 14:19:09 UTC

Not only file descriptors are leaking, but also sockets. Fixed package is on the way ...

Comment 3 Fedora Update System 2010-02-01 15:08:01 UTC

zabbix-1.6.8-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/zabbix-1.6.8-2.fc11

Comment 4 Fedora Update System 2010-02-01 15:08:06 UTC

zabbix-1.6.8-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/zabbix-1.6.8-2.fc12

Comment 5 Fedora Update System 2010-02-02 20:41:49 UTC

zabbix-1.6.8-2.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update zabbix'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-1387

Comment 6 Fedora Update System 2010-02-02 20:45:23 UTC

zabbix-1.6.8-2.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update zabbix'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1413

Comment 7 Fedora Update System 2010-02-18 22:20:17 UTC

zabbix-1.6.8-2.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2010-02-18 22:39:20 UTC

zabbix-1.6.8-2.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.