Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 587213 - SELinux is preventing /bin/bash "open" access on console.
SELinux is preventing /bin/bash "open" access on console.
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
13
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:778d5612043...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-04-29 07:48 EDT by Nicolas Chauvet (kwizart)
Modified: 2010-05-04 19:56 EDT (History)
3 users (show)

See Also:
Fixed In Version: selinux-policy-3.7.19-10.fc13
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-05-04 19:56:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Nicolas Chauvet (kwizart) 2010-04-29 07:48:40 EDT 
Résumé:

SELinux is preventing /bin/bash "open" access on console.

Description détaillée:

[SELinux est en mode permissif. Cet accès n'a pas été refusé.]

SELinux a refusé l'accès demandé par ksmtuned. Il n'est pas prévu que cet
accès soit requis par ksmtuned et cet accès peut signaler une tentative
d'intrusion. Il est également possible que cette version ou cette configuration
spécifique de l'application provoque cette demande d'accès supplémenta

Autoriser l'accès:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Informations complémentaires:

Contexte source               system_u:system_r:ksmtuned_t:s0
Contexte cible                system_u:object_r:console_device_t:s0
Objets du contexte            console [ chr_file ]
source                        ksmtuned
Chemin de la source           /bin/bash
Port                          <Inconnu>
Hôte                         (removed)
Paquetages RPM source         bash-4.1.2-4.fc13
Paquetages RPM cible          
Politique RPM                 selinux-policy-3.7.19-2.fc13
Selinux activé               True
Type de politique             targeted
Mode strict                   Permissive
Nom du plugin                 catchall
Nom de l'hôte                (removed)
Plateforme                    Linux (removed) 2.6.33.2-57.fc13.x86_64 #1
                              SMP Tue Apr 20 08:57:50 UTC 2010 x86_64 x86_64
Compteur d'alertes            3
Première alerte              dim. 18 avril 2010 22:07:43 CEST
Dernière alerte              jeu. 29 avril 2010 13:08:59 CEST
ID local                      e9012a14-1e1c-4dd1-88aa-af543bcfc1cb
Numéros des lignes           

Messages d'audit bruts        

node=(removed) type=AVC msg=audit(1272539339.768:5): avc:  denied  { open } for  pid=1537 comm="ksmtuned" name="console" dev=devtmpfs ino=5503 scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file

node=(removed) type=SYSCALL msg=audit(1272539339.768:5): arch=c000003e syscall=2 success=yes exit=3 a0=225b010 a1=802 a2=c a3=1000 items=0 ppid=1536 pid=1537 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ksmtuned" exe="/bin/bash" subj=system_u:system_r:ksmtuned_t:s0 key=(null)



Hash String generated from  catchall,ksmtuned,ksmtuned_t,console_device_t,chr_file,open
audit2allow suggests:

#============= ksmtuned_t ==============
allow ksmtuned_t console_device_t:chr_file open;
Comment 1 Daniel Walsh 2010-04-29 07:59:30 EDT 
Fixed in selinux-policy-3.7.19-8.fc13
Comment 2 Fedora Update System 2010-04-30 16:07:59 EDT 
selinux-policy-3.7.19-10.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-10.fc13
Comment 3 Fedora Update System 2010-04-30 19:50:31 EDT 
selinux-policy-3.7.19-10.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-10.fc13
Comment 4 Fedora Update System 2010-05-04 19:55:39 EDT 
selinux-policy-3.7.19-10.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.