Bug 622598 - SELinux is preventing /bin/bash "execute_no_trans" access on /lib/upstart/shutdown.
Summary: SELinux is preventing /bin/bash "execute_no_trans" access on /lib/upstar...
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy   
(Show other bugs)
Version: rawhide
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Whiteboard: setroubleshoot_trace_hash:9a64233e852...
Depends On:
TreeView+ depends on / blocked
Reported: 2010-08-09 21:17 UTC by Horst H. von Brand
Modified: 2010-08-16 12:14 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-08-16 12:14:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Horst H. von Brand 2010-08-09 21:17:53 UTC

SELinux is preventing /bin/bash "execute_no_trans" access on

Detailed Description:

SELinux denied access requested by ck-system-stop. It is not expected that this
access is required by ck-system-stop and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug

Additional Information:

Source Context                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context                system_u:object_r:lib_t:s0
Target Objects                /lib/upstart/shutdown [ file ]
Source                        ck-system-stop
Source Path                   /bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bash-4.1.7-3.fc14
Target RPM Packages           upstart-0.6.5-7.fc14
Policy RPM                    selinux-policy-3.8.8-3.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.35-0.56.rc6.git1.fc14.x86_64 #1 SMP Sat Jul 24
                              00:49:49 UTC 2010 x86_64 x86_64
Alert Count                   5
First Seen                    Mon 26 Jul 2010 09:56:28 PM CLT
Last Seen                     Tue 27 Jul 2010 10:49:29 AM CLT
Local ID                      715c72eb-2eb1-47e4-ace8-82fe4220bb2a
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1280242169.668:631): avc:  denied  { execute_no_trans } for  pid=3811 comm="ck-system-stop" path="/lib/upstart/shutdown" dev=dm-0 ino=1024005 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1280242169.668:631): arch=c000003e syscall=59 success=no exit=-13 a0=14dcb50 a1=14dafd0 a2=14dab60 a3=20 items=0 ppid=3810 pid=3811 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ck-system-stop" exe="/bin/bash" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)

Hash String generated from  catchall,ck-system-stop,consolekit_t,lib_t,file,execute_no_trans
audit2allow suggests:

#============= consolekit_t ==============
allow consolekit_t lib_t:file execute_no_trans;

Comment 1 Daniel Walsh 2010-08-10 12:33:49 UTC
yum update selinux-policy 
restorecon /lib/upstart/shutdown
/lib/upstart/shutdown	system_u:object_r:shu

Comment 2 Horst H. von Brand 2010-08-12 00:08:50 UTC
# ls -lZ /lib/upstart/shutdown 
-rwxr-xr-x. root root system_u:object_r:shutdown_exec_t:s0 /lib/upstart/shutdown


No mention of upstart in /var/log/audit/audit.log

Comment 3 Daniel Walsh 2010-08-13 16:18:22 UTC
Sot it should work fine now.  The bug happened in July

Comment 4 Horst H. von Brand 2010-08-16 03:27:45 UTC
Should I close it? I'm on systemd right now...

Note You need to log in before you can comment on or make changes to this bug.