Bug 598447 - service nscd restart produces AVCs
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.0
Hardware: All Linux
Priority: low, Severity: medium
Target Milestone: rc
Assigned To: Daniel Walsh
QA Contact: Milos Malik

Reported: 2010-06-01 08:21 EDT by Milos Malik
Modified: 2014-12-08 16:11 EST
Fixed In Version: selinux-policy-3.7.19-23.el6
Doc Type: Bug Fix
Last Closed: 2010-11-10 16:34:29 EST


Description Milos Malik 2010-06-01 08:21:14 EDT
Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-21.el6
selinux-policy-targeted-3.7.19-21.el6

How reproducible:
always

Steps to Reproduce:
# getsebool -a | grep nscd
nscd_use_shm --> on
# service nscd start
Starting nscd:                                             [  OK  ]
# service nscd restart
Stopping nscd:                                             [  OK  ]
Starting nscd:                                             [  OK  ]
# service nscd stop
Stopping nscd:                                             [  OK  ]
  
Actual results:
----
time->Mon May 31 06:33:25 2010
type=SYSCALL msg=audit(1275302005.620:70206): arch=40000003 syscall=85 success=no exit=-13 a0=1c6e4d a1=b7596a64 a2=fff a3=b7596a64 items=0 ppid=1 pid=7256 auid=0 uid=0 gid=28 euid=0 suid=0 fsuid=0 egid=28 sgid=28 fsgid=28 tty=(none) ses=3 comm="nscd" exe="/usr/sbin/nscd" subj=unconfined_u:system_r:nscd_t:s0 key=(null)
type=AVC msg=audit(1275302005.620:70206): avc:  denied  { sys_ptrace } for  pid=7256 comm="nscd" capability=19  scontext=unconfined_u:system_r:nscd_t:s0 tcontext=unconfined_u:system_r:nscd_t:s0 tclass=capability
----

Expected results:
no AVCs
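
Added example (not part of the original report or of selinux-policy): a small Python parser that pairs the AVC record above with the SYSCALL record sharing its audit serial, and reports which executable and system call hit the denial. The function names and the one-entry syscall table are assumptions made for this illustration.

```python
import errno
import re
from collections import defaultdict

# The two records from the report above; they share one timestamp:serial, so they are one event.
SAMPLE = '''type=SYSCALL msg=audit(1275302005.620:70206): arch=40000003 syscall=85 success=no exit=-13 a0=1c6e4d a1=b7596a64 a2=fff a3=b7596a64 items=0 ppid=1 pid=7256 auid=0 uid=0 gid=28 euid=0 suid=0 fsuid=0 egid=28 sgid=28 fsgid=28 tty=(none) ses=3 comm="nscd" exe="/usr/sbin/nscd" subj=unconfined_u:system_r:nscd_t:s0 key=(null)
type=AVC msg=audit(1275302005.620:70206): avc:  denied  { sys_ptrace } for  pid=7256 comm="nscd" capability=19  scontext=unconfined_u:system_r:nscd_t:s0 tcontext=unconfined_u:system_r:nscd_t:s0 tclass=capability
'''
HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$")
SYSCALLS = {("40000003", "85"): "readlink"}  # i386 only; just the entry this sample needs

def parse_events(text):
    """Group audit records by (timestamp, serial); one event may hold several records."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skips "----" separators and "time->..." lines
        rtype, ts, serial, body = m.groups()
        rec = {}
        if rtype == "AVC":
            a = AVC.search(body)
            if not a:
                continue
            rec["result"], rec["perms"], body = a.group(1), a.group(2).split(), a.group(3)
        rec.update((k, v.strip('"')) for k, v in FIELD.findall(body))
        events[(ts, serial)][rtype].append(rec)
    return events

def summarize_denials(text):
    """One dict per denied AVC, joined with the SYSCALL record of the same event."""
    out = []
    for (_, serial), recs in parse_events(text).items():
        sc = recs["SYSCALL"][0] if recs["SYSCALL"] else {}
        for avc in (r for r in recs["AVC"] if r["result"] == "denied"):
            src, tgt = (avc[k].split(":")[2] for k in ("scontext", "tcontext"))
            out.append({
                "serial": serial,
                "exe": sc.get("exe"),
                "syscall": SYSCALLS.get((sc.get("arch"), sc.get("syscall")), sc.get("syscall")),
                "errno": errno.errorcode.get(-int(sc.get("exit", 0))),
                "vector": f"{src} {'self' if src == tgt else tgt}:{avc['tclass']} {{ {' '.join(avc['perms'])} }}",
            })
    return out

if __name__ == "__main__":
    print(summarize_denials(SAMPLE))
```

The "vector" field only restates the denied access in policy notation; the report does not say how selinux-policy-3.7.19-23.el6 resolved it.
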
Comment 1 Daniel Walsh 2010-06-02 14:55:07 EDT
Fixed in selinux-policy-3.7.19-23.el6.noarch
Comment 2 Petr Muller 2010-06-03 07:17:17 EDT
I may take care of the verification, we saw this in our tier tests.
Comment 4 Milos Malik 2010-06-04 08:28:08 EDT
(In reply to comment #2)
> I may take care of the verification, we saw this in our tier tests.    

I'm leaving it in MODIFIED, so you can take it. From my point of view it's fixed.
Comment 7 releng-rhel@redhat.com 2010-11-10 16:34:29 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.
