Bug 589409 - SELinux is preventing /bin/hostname access to a leaked /var/run/daemon.pid file descriptor.
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386 Linux
Priority: low
Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Whiteboard: setroubleshoot_trace_hash:7c6d5ff22ac...
Reported: 2010-05-06 01:05 EDT by Cássio Magno
Modified: 2010-05-06 08:41 EDT
Doc Type: Bug Fix
Last Closed: 2010-05-06 08:41:27 EDT


Description Cássio Magno 2010-05-06 01:05:33 EDT
Summary:

SELinux is preventing /bin/hostname access to a leaked /var/run/daemon.pid file
descriptor.

Detailed Description:

[hostname has a permissive type (hostname_t). This access was not denied.]

SELinux denied access requested by the hostname command. It looks like this is
either a leaked descriptor or hostname output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /var/run/daemon.pid. You should generate a bugzilla on selinux-policy, and
it will get routed to the appropriate package. You can safely ignore this avc.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)

Additional Information:

Source Context                system_u:system_r:hostname_t:s0
Target Context                system_u:object_r:initrc_var_run_t:s0
Target Objects                /var/run/daemon.pid [ file ]
Source                        hostname
Source Path                   /bin/hostname
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           net-tools-1.60-95.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-41.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   leaks
Host Name                     (removed)
Platform                      Linux (removed) 2.6.32.11-99.fc12.i686.PAE
                              #1 SMP Mon Apr 5 16:15:03 EDT 2010 i686 i686
Alert Count                   4
First Seen                    Mon 03 May 2010 22:38:59 BRT
Last Seen                     Wed 05 May 2010 22:20:24 BRT
Local ID                      38a09453-cd6b-4d5c-ad2e-693b063658ee
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1273108824.945:19): avc:  denied  { read write } for  pid=2050 comm="hostname" path="/var/run/daemon.pid" dev=sda2 ino=132231 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1273108824.945:19): arch=40000003 syscall=11 success=yes exit=0 a0=81d2108 a1=81d22d0 a2=81d32c8 a3=81d22d0 items=0 ppid=2049 pid=2050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hostname" exe="/bin/hostname" subj=system_u:system_r:hostname_t:s0 key=(null)



Hash String generated from  leaks,hostname,hostname_t,initrc_var_run_t,file,read,write
audit2allow suggests:

#============= hostname_t ==============
#!!!! This avc has a dontaudit rule in the current policy

allow hostname_t initrc_var_run_t:file { read write };
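
Added example (not part of the bug report, and not setroubleshoot's own code): a triage sketch that pairs the AVC and SYSCALL records above by audit event ID and flags file denials raised while the process was in execve, which is when SELinux re-checks descriptors inherited from the parent against the new domain. The function name and the heuristic are assumptions for illustration, not the logic of the `leaks` plugin.

```python
import re
from collections import defaultdict

# (arch, syscall) pairs for execve: i386 and x86_64 audit ABI values.
EXECVE = {("40000003", "11"), ("c000003e", "59")}

# The two records from the report above, node field redacted as on the page.
SAMPLE = [
    'node=(removed) type=AVC msg=audit(1273108824.945:19): avc:  denied  { read write } for  pid=2050 comm="hostname" path="/var/run/daemon.pid" dev=sda2 ino=132231 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file',
    'node=(removed) type=SYSCALL msg=audit(1273108824.945:19): arch=40000003 syscall=11 success=yes exit=0 a0=81d2108 a1=81d22d0 a2=81d32c8 a3=81d22d0 items=0 ppid=2049 pid=2050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hostname" exe="/bin/hostname" subj=system_u:system_r:hostname_t:s0 key=(null)',
]

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")


def parse(line):
    """Turn one audit record into a dict of its key=value fields."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec["event"] = EVENT_ID.search(line).group(1)
    perms = PERMS.search(line)
    rec["perms"] = perms.group(1).split() if perms else []
    return rec


def leaked_fd_denials(lines):
    """Return AVC file denials whose paired SYSCALL record is an execve."""
    events = defaultdict(list)
    for line in lines:
        if EVENT_ID.search(line):  # skip anything that is not an audit record
            rec = parse(line)
            events[rec["event"]].append(rec)
    findings = []
    for event, recs in events.items():
        in_exec = any((r.get("arch"), r.get("syscall")) in EXECVE
                      for r in recs if r.get("type") == "SYSCALL")
        for avc in (r for r in recs if r.get("type") == "AVC"):
            # A path= denial during execve: the program did not open this
            # file itself, it inherited the descriptor from its parent.
            if in_exec and "path" in avc and avc.get("tclass") == "file":
                findings.append({
                    "event": event, "comm": avc.get("comm"),
                    "path": avc["path"], "perms": avc["perms"],
                    "source": avc["scontext"].split(":")[2],
                    "target": avc["tcontext"].split(":")[2],
                })
    return findings
```

A hit points at the parent process (here whatever holds `/var/run/daemon.pid` open) as the place to close the descriptor or mark it close-on-exec, rather than at the policy of the program named in `comm`.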
Comment 1 Daniel Walsh 2010-05-06 08:41:27 EDT
yum -y update
