Bug 577519 - SELinux is preventing /lib64/security/pam_krb5/pam_krb5_storetmp "execute" access on /lib64/security/pam_krb5/pam_krb5_storetmp
Summary: SELinux is preventing /lib64/security/pam_krb5/pam_krb5_storetmp "execute" ac...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 12
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-03-27 18:40 UTC by Anthony Messina
Modified: 2010-04-09 01:24 UTC (History)
0 users

Fixed In Version: selinux-policy-3.6.32-108.fc12
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-04-09 01:24:34 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Anthony Messina 2010-03-27 18:40:02 UTC 
Using selinux-policy-targeted-3.6.32-103.fc12.noarch, I get the following errors.  I use saslauthd -> PAM -> Kerberos for services like Cyrus-IMAPd and Postfix.

node=chicago.messinet.com type=AVC msg=audit(1269711121.296:78): avc:  denied  { execute } for  pid=3389 comm="saslauthd" name="pam_krb5_storetmp" dev=sdd3 ino=418648 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file

node=chicago.messinet.com type=AVC msg=audit(1269711121.296:78): avc:  denied  { read open } for  pid=3389 comm="saslauthd" name="pam_krb5_storetmp" dev=sdd3 ino=418648 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file

node=chicago.messinet.com type=AVC msg=audit(1269711121.296:78): avc:  denied  { execute_no_trans } for  pid=3389 comm="saslauthd" path="/lib64/security/pam_krb5/pam_krb5_storetmp" dev=sdd3 ino=418648 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file

node=chicago.messinet.com type=SYSCALL msg=audit(1269711121.296:78): arch=c000003e syscall=59 success=yes exit=0 a0=7f5b78b86298 a1=7fff381cb8a0 a2=7fff381cfeb8 a3=8 items=0 ppid=3388 pid=3389 auid=4294967295 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=4294967295 comm="pam_krb5_storet" exe="/lib64/security/pam_krb5/pam_krb5_storetmp" subj=system_u:system_r:saslauthd_t:s0 key=(null)
Comment 1 Daniel Walsh 2010-03-29 13:29:18 UTC 
Miroslav, 

add

corecmd_exec_bin(saslauthd_t)
Comment 2 Miroslav Grepl 2010-03-30 06:55:42 UTC 
Fixed in selinux-policy-3.6.32-108.fc12
Comment 3 Fedora Update System 2010-03-30 19:48:08 UTC 
selinux-policy-3.6.32-108.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-108.fc12
Comment 4 Fedora Update System 2010-04-01 01:54:04 UTC 
selinux-policy-3.6.32-108.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-108.fc12
Comment 5 Fedora Update System 2010-04-09 01:23:43 UTC 
selinux-policy-3.6.32-108.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.