Description of problem: The recent tests show lots of ACV denials from user httpd on the F12 i386 system during work of SW nightly. Version-Release number of selected component (if applicable): SW nightly (the date: 07.Sep.2010) How reproducible: through RHTS test Steps to Reproduce: 1. install SW nightly on F12 i386 2. make some actions (like rhnpush a package and try to remove it through API) 3. look for AVC denials for the user httpd (/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -sv no -m AVC -m USER_AVC -m SELINUX_ERR) Actual results: time->Tue Sep 7 15:27:09 2010 type=SYSCALL msg=audit(1283887629.218:33982): arch=40000003 syscall=5 success=no exit=-13 a0=bfcc3010 a1=98800 a2=660ff4 a3=0 items=0 ppid=8932 pid=8946 auid=4294967295 uid=48 gid=492 euid=48 suid=48 fsuid=48 egid=492 sgid=492 fsgid=492 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1283887629.218:33982): avc: denied { search } for pid=8946 comm="httpd" name="rpm" dev=dm-0 ino=32769 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir ---- time->Tue Sep 7 15:27:09 2010 type=SYSCALL msg=audit(1283887629.218:33983): arch=40000003 syscall=195 success=no exit=-13 a0=b1b31790 a1=bfcc2fcc a2=660ff4 a3=b1b3179c items=0 ppid=8932 pid=8946 auid=4294967295 uid=48 gid=492 euid=48 suid=48 fsuid=48 egid=492 sgid=492 fsgid=492 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1283887629.218:33983): avc: denied { getattr } for pid=8946 comm="httpd" path="/var/lib/rpm" dev=dm-0 ino=32769 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir Expected results: no avc denials Additional info:
This bug is not present on Fedora-13. But on Fedora-13 we have very similar issue with cobblerd. See bug 635681.
Mass-moving to space13.
(In reply to comment #2) > This bug is not present on Fedora-13. If the problem is not present on Fedora 13, closing as WONTFIX as Fedora 12 will be EOL'd within a week.