Bug 604012 - avc: denied { read write } for ... comm="passwd" name="ttyS0" dev=devtmpfs ...
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.0
Hardware: All Linux
Priority: high, Severity: high
Target Milestone: rc
Assigned To: Miroslav Grepl
QA Contact: Milos Malik
Reported: 2010-06-15 03:28 EDT by Milos Malik
Modified: 2010-07-07 05:46 EDT
Doc Type: Bug Fix
Last Closed: 2010-06-16 06:01:48 EDT
Description Milos Malik 2010-06-15 03:28:07 EDT
Description of problem:
Several tests I executed yesterday reported the same AVC.

Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-24.el6.noarch
selinux-policy-targeted-3.7.19-24.el6.noarch

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:
--
type=SYSCALL msg=audit(1276527987.977:48427): arch=c000003e syscall=59 success=yes exit=0 a0=2860220 a1=2865b90 a2=285e0a0 a3=20 items=0 ppid=24494 pid=24558 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="passwd" exe="/usr/bin/passwd" subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1276527987.977:48427): avc:  denied  { read write } for  pid=24558 comm="passwd" name="ttyS0" dev=devtmpfs ino=5043 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
--

Expected results:
no AVCs
Comment 2 RHEL Product and Program Management 2010-06-15 03:53:12 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 4 Milos Malik 2010-06-15 07:43:43 EDT
It seems that kexec has the same problem as passwd.

----
time->Tue Jun 15 05:51:42 2010
type=SYSCALL msg=audit(1276595502.547:40576): arch=c000003e syscall=59 success=yes exit=0 a0=1266ee0 a1=125f150 a2=1266ff0 a3=20 items=0 ppid=14499 pid=14502 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="kexec" exe="/sbin/kexec" subj=unconfined_u:system_r:kdump_t:s0 key=(null)
type=AVC msg=audit(1276595502.547:40576): avc:  denied  { read append } for  pid=14502 comm="kexec" path="/dev/ttyS0" dev=devtmpfs ino=5009 scontext=unconfined_u:system_r:kdump_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1276595502.547:40576): avc:  denied  { read write } for  pid=14502 comm="kexec" name="ttyS0" dev=devtmpfs ino=5009 scontext=unconfined_u:system_r:kdump_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
----
Comment 5 Daniel Walsh 2010-06-15 16:33:48 EDT
Why did you run restorecon -R -v /dev?  This causes the /dev/ttyS0 to be set back to the default label causing these avc messages.

When you log in, the login program labels the tty to match the process.  If you run restorecon it sets it back to the state of a user not being logged in.

You should never need to run restorecon on /dev.  Udev manages that directory.

I think I should close this as not a bug.
Comment 6 Milos Malik 2010-06-16 01:51:09 EDT
I'm sorry I didn't know that udev also manages SELinux labels in /dev. Agreed - not a bug.
Comment 7 Miroslav Grepl 2010-06-16 06:01:48 EDT
I am closing it as NOTABUG.
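
The triage that Comment 5 describes, as an added example (not part of the bug report or of selinux-policy): a small Python parser that separates AVC denials whose target is a tty device still carrying the default tty_device_t label from all other denials. The function names and the third sample record are constructed for illustration, and treating tty_device_t on a tty as a sign of a relabel of /dev is a heuristic taken from Comment 5, not a policy rule.

```python
import re

# Two AVC records from this report plus one constructed httpd record for contrast.
SAMPLE = """\
type=AVC msg=audit(1276527987.977:48427): avc:  denied  { read write } for  pid=24558 comm="passwd" name="ttyS0" dev=devtmpfs ino=5043 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1276595502.547:40576): avc:  denied  { read append } for  pid=14502 comm="kexec" path="/dev/ttyS0" dev=devtmpfs ino=5009 scontext=unconfined_u:system_r:kdump_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1276600000.000:1): avc:  denied  { read } for  pid=100 comm="httpd" name="secret" dev=dm-0 ino=7 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:range]; the type is the third field.
    rec["stype"] = rec.get("scontext", "::").split(":")[2]
    rec["ttype"] = rec.get("tcontext", "::").split(":")[2]
    return rec

def is_reset_tty_denial(rec):
    """True when the target is a tty character device with the default tty_device_t label."""
    dev = (rec.get("path") or rec.get("name", "")).rsplit("/", 1)[-1]
    return (rec.get("tclass") == "chr_file" and rec["ttype"] == "tty_device_t"
            and dev.startswith("tty"))

def triage(log_text):
    """Split denials into (likely side effects of relabeling /dev, everything else)."""
    relabel, other = [], []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            (relabel if is_reset_tty_denial(rec) else other).append(rec)
    return relabel, other

if __name__ == "__main__":
    relabel, other = triage(SAMPLE)
    for r in relabel:
        print(f'{r["comm"]} ({r["stype"]}): tty has default label; check for a relabel of /dev')
    for r in other:
        print(f'{r["comm"]} ({r["stype"]}) -> {r["ttype"]}: needs normal policy review')
```
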
