Bug 642935 - SELinux is preventing /sbin/setfiles access to a leaked tcp_socket file descriptor.
SELinux is preventing /sbin/setfiles access to a leaked tcp_socket file descr...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssh (Show other bugs)
5.6
All Linux
low Severity medium
: rc
: ---
Assigned To: Radek Vokal
BaseOS QE Security Team
: SELinux
Depends On: 541809 559542
Blocks: 700492
  Show dependency treegraph
 
Reported: 2010-10-14 04:40 EDT by Miroslav Vadkerti
Modified: 2012-11-05 10:15 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 559542
Environment:
Last Closed: 2012-02-21 01:12:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Comment 1 Miroslav Vadkerti 2010-10-14 04:41:23 EDT
This bug exists in RHEL5.6 - openssh-4.3p2-57.el5

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   PASS   ] :: Running 'echo 'session    required     pam_namespace.so debug' >> /etc/pam.d/sshd'
:: [   PASS   ] :: Running 'echo '$HOME    $HOME/$USER.inst/ user' >> /etc/security/namespace.conf'
:: [   PASS   ] :: Running 'sed -i 's/exit 0/lsof -p $$ \&>$2\/testout; exit 0/g' /etc/security/namespace.init'
:: [   PASS   ] :: Running './ssh.exp'
:: [   FAIL   ] :: File '/root/root.inst/root/testout' should not contain 'TCP' 
:: [   LOG    ] :: Duration: 7s
:: [   LOG    ] :: Assertions: 4 good, 1 bad
:: [   FAIL   ] :: RESULT: Test
Comment 2 Miroslav Vadkerti 2011-04-05 04:26:52 EDT
This bug still exists in openssh-4.3p2-72.el5
Comment 3 RHEL Product and Program Management 2011-05-31 10:31:38 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 4 Jan F. Chadima 2011-07-28 06:26:08 EDT
This bug is resolved in RHE6. Therefore, I recommend upgrading to RHEL6 all customers who are affected by this issue.
Comment 9 errata-xmlrpc 2012-02-21 01:12:00 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0237.html

Note You need to log in before you can comment on or make changes to this bug.