Bug 621121 - denied access to z90crypt device for sshd
denied access to z90crypt device for sshd
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy (Show other bugs)
All Linux
low Severity medium
: rc
: ---
Assigned To: Miroslav Grepl
Miroslav Vadkerti
Depends On:
  Show dependency treegraph
Reported: 2010-08-04 06:31 EDT by Miroslav Vadkerti
Modified: 2018-01-05 05:19 EST (History)
4 users (show)

See Also:
Fixed In Version: selinux-policy-3.7.19-36.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-11-10 16:35:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Miroslav Vadkerti 2010-08-04 06:31:16 EDT
Description of problem:
type=AVC msg=audit(1280223091.264:18859): avc:  denied  { read write } for  pid=3148 comm="sshd" name="z90crypt" dev=devtmpfs ino=12534 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 
                 tcontext=system_u:object_r:crypt_device_t:s0 tclass=chr_file

Version-Release number of selected component (if applicable):

Actual results:
AVC denial

Expected results:
No AVC denial

Additional info:
sshd is using z90crypt device on s390x mainframes when CPACF is enabled
Comment 2 Miroslav Grepl 2010-08-04 08:01:37 EDT
> Additional info:
> sshd is using z90crypt device on s390x mainframes when CPACF is enabled    

Then we should add

Comment 4 Miroslav Grepl 2010-08-06 09:16:23 EDT
Fixed in selinux-policy-3.7.19-36.el6.noarch.
Comment 6 Miroslav Vadkerti 2010-08-18 02:23:50 EDT
VERIFIED as fixed in selinux-policy-3.7.19-38.el6.

No AVC detected anymore. 

# sesearch -s sshd_t -t crypt_device_t -c chr_file --allow
Found 1 semantic av rules:
   allow sshd_t crypt_device_t : chr_file { ioctl read write getattr lock append open } ;
Comment 7 releng-rhel@redhat.com 2010-11-10 16:35:58 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.