Bug 589409 - SELinux is preventing /bin/hostname access to a leaked /var/run/daemon.pid file descriptor.
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Whiteboard: setroubleshoot_trace_hash:7c6d5ff22ac...
Depends On:
Reported: 2010-05-06 05:05 UTC by Cássio Magno
Modified: 2010-05-06 12:41 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-05-06 12:41:27 UTC
Type: ---

Description Cássio Magno 2010-05-06 05:05:33 UTC

SELinux is preventing /bin/hostname access to a leaked /var/run/daemon.pid file

Detailed description:

[hostname has a permissive type (hostname_t). This access was not denied.]

SELinux denied access requested by the hostname command. It looks like this is
either a leaked descriptor or hostname output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /var/run/daemon.pid. You should generate a bugzilla on selinux-policy, and
it will get routed to the appropriate package. You can safely ignore this avc.

Allowing access:

You can generate a local policy module to allow this access - see FAQ

Additional information:

Source Context                system_u:system_r:hostname_t:s0
Target Context                system_u:object_r:initrc_var_run_t:s0
Target Objects                /var/run/daemon.pid [ file ]
Source                        hostname
Source Path                   /bin/hostname
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           net-tools-1.60-95.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-41.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   leaks
Host Name                     (removed)
Platform                      Linux (removed)
                              #1 SMP Mon Apr 5 16:15:03 EDT 2010 i686 i686
Alert Count                   4
First Seen                    Mon 03 May 2010 22:38:59 BRT
Last Seen                     Wed 05 May 2010 22:20:24 BRT
Local ID                      38a09453-cd6b-4d5c-ad2e-693b063658ee
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1273108824.945:19): avc:  denied  { read write } for  pid=2050 comm="hostname" path="/var/run/daemon.pid" dev=sda2 ino=132231 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1273108824.945:19): arch=40000003 syscall=11 success=yes exit=0 a0=81d2108 a1=81d22d0 a2=81d32c8 a3=81d22d0 items=0 ppid=2049 pid=2050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hostname" exe="/bin/hostname" subj=system_u:system_r:hostname_t:s0 key=(null)

Hash String generated from  leaks,hostname,hostname_t,initrc_var_run_t,file,read,write
audit2allow suggests:

#============= hostname_t ==============
#!!!! This avc has a dontaudit rule in the current policy

allow hostname_t initrc_var_run_t:file { read write };

Comment 1 Daniel Walsh 2010-05-06 12:41:27 UTC
yum -y update
