Created attachment 446509
This is the yum repository configuration file in use when the AVC appeared.

Description of problem:
Received the attached AVC after install of a package. Consulted dwalsh on #selinux IRC channel, who determined this was from a leaked file descriptor and suggested filing a BZ calling for an selinux policy change.

Version-Release number of selected component (if applicable):
This was RHEL5.5 Server installed from internal Red Hat ISO.

How reproducible:
uncertain. Happened twice in the same day, not happening next day.

Steps to Reproduce:
1. Install the condor-qmf package. (As of 9/10/2010, this was not yet released and was not available from the main RHN channel. I used the mrg-devel repository for yum to install this. The repository configuration file is attached.)

Actual results:
The AVC alert shows up.

Expected results:
There should be no alert.

Additional info:
Snippet from #selinux IRC conversation:

(05:16:22 PM) dwalsh: tmckay: Leaked file descriptor
(05:16:29 PM) dwalsh: Nothing to worry about.
(05:16:38 PM) tmckay: dwalsh, thanks.
(05:16:50 PM) dwalsh: This is setfiles running in a post install script with its stdout set to the fifo_file owned by rpm.
(05:16:55 PM) dwalsh: Everything worked fine.
(05:17:35 PM) mcepl left the room (quit: Ping timeout: 240 seconds).
(05:18:35 PM) mattf: dwalsh, anything we can do to avoid throwing the avc? if it's all ok should the default policy be changed?
(05:18:52 PM) dwalsh: yes
(05:19:00 PM) dwalsh: It should be dontaudited.
(05:19:14 PM) dwalsh: Open a bugzilla
(05:20:10 PM) mattf: component?
(05:20:13 PM) dwalsh: In Current policy it is allowed
(05:20:15 PM) dwalsh: audit2allow -i /tmp/t
(05:20:16 PM) dwalsh: #============= setfiles_t ==============
(05:20:16 PM) dwalsh: #!!!! This avc is allowed in the current policy
(05:20:16 PM) dwalsh: allow setfiles_t rpm_script_t:fifo_file write;
(05:20:20 PM) dwalsh: selinux-policy
Created attachment 446511
This is the output from the alert.
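As a triage aid for the pattern described in the IRC snippet above (a helper writing to a pipe it inherited from rpm), the following added example, which is not part of the bug report or of selinux-policy, flags AVC records that fit the pattern and emits the matching dontaudit rule for review. The log lines are constructed, and the matching heuristic (fifo_file class, anonymous pipe path, target labelled with a process role rather than object_r, plain I/O permissions only) is an assumption.

```python
import re

# Constructed sample audit records (not taken from the bug's attachment).
SAMPLE_LOG = """\
type=AVC msg=audit(1284153382.101:77): avc:  denied  { write } for  pid=4242 comm="restorecon" path="pipe:[31337]" dev=pipefs ino=31337 scontext=root:system_r:setfiles_t:s0 tcontext=root:system_r:rpm_script_t:s0 tclass=fifo_file
type=AVC msg=audit(1284153390.202:78): avc:  denied  { read } for  pid=4250 comm="httpd" name="shadow" dev=dm-0 ino=99 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1284153399.303:79): avc:  denied  { write } for  pid=4300 comm="logger" path="/var/run/app.fifo" dev=dm-0 ino=120 scontext=root:system_r:initrc_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=fifo_file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=[^:\s]+:(?P<srole>[^:\s]+):(?P<stype>[^:\s]+)\S*\s+'
    r'tcontext=[^:\s]+:(?P<trole>[^:\s]+):(?P<ttype>[^:\s]+)\S*\s+'
    r'tclass=(?P<tclass>\S+)')
PATH_RE = re.compile(r'\bpath="?([^"\s]+)')
IO_PERMS = {"read", "write", "append", "getattr", "ioctl"}

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["perms"] = rec["perms"].split()
    path = PATH_RE.search(line)
    rec["path"] = path.group(1) if path else ""
    return rec

def is_inherited_pipe(rec):
    """Assumed heuristic: an anonymous pipe labelled after another domain's process."""
    return (rec["tclass"] == "fifo_file"
            and rec["path"].startswith("pipe:[")   # anonymous pipe, not a named FIFO
            and rec["trole"] != "object_r"         # label inherited from a process
            and rec["stype"] != rec["ttype"]
            and set(rec["perms"]) <= IO_PERMS)

def dontaudit_candidates(log_text):
    """Return sorted dontaudit rules for records that look like leaked pipes."""
    rules = set()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and is_inherited_pipe(rec):
            perms = " ".join(rec["perms"])
            if len(rec["perms"]) > 1:
                perms = "{ " + perms + " }"
            rules.add(f'dontaudit {rec["stype"]} {rec["ttype"]}:{rec["tclass"]} {perms};')
    return sorted(rules)

if __name__ == "__main__":
    print("\n".join(dontaudit_candidates(SAMPLE_LOG)))
```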
Miroslav, can you grab the rpm_dontaudit_leaks code from RHEL6 and backport it to RHEL5?

rpm_dontaudit_leaks(domain)
Fixed in selinux-policy-2.4.6-285.el5.noarch
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This request was erroneously denied for the current release of Red Hat Enterprise Linux. The error has been fixed and this request has been re-proposed for the current release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html