644333 – SELinux is preventing /bin/bash "read" access on /home/mark.

Bug 644333 - SELinux is preventing /bin/bash "read" access on /home/mark.

Summary: SELinux is preventing /bin/bash "read" access on /home/mark.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	5.6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Miroslav Grepl
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:	setroubleshoot_trace_hash:eaebbbe5d47...
Depends On:	587669
Blocks:	640580
TreeView+	depends on / blocked

Reported:	2010-10-19 13:27 UTC by Aleš Mareček
Modified:	2011-01-13 21:50 UTC (History)
CC List:	10 users (show)
Fixed In Version:	selinux-policy-2.4.6-296.el5
Doc Type:	Bug Fix
Doc Text:	Under certain circumstances, SELinux could report that Internet Protocol Security (IPsec) management tools require read access to the content of a user's home directory. This error no longer occurs, and an appropriate SELinux rule has been added to resolve this issue.
Clone Of:	587669
Environment:
Last Closed:	2011-01-13 21:50:54 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:0026	0	normal	SHIPPED_LIVE	selinux-policy bug fix and enhancement update	2011-01-12 16:11:15 UTC

Comment 1 Miroslav Grepl 2010-10-19 14:11:53 UTC

Fixed in selinux-policy-2.4.6-288.el5

Comment 4 Miroslav Grepl 2010-11-29 11:52:25 UTC

Milos,
does the test pass in enforcing mode? 

I will add

files_dontaudit_search_home(ipsec_mgmt_t)

Comment 5 Miroslav Grepl 2010-12-01 10:13:48 UTC

Fixed in selinux-policy-2.4.6-296.el5

Comment 7 Jaromir Hradilek 2011-01-05 16:24:02 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Under certain circumstances, SELinux could report that Internet Protocol Security (IPsec) management tools require read access to the content of a user's home directory. This error no longer occurs, and an appropriate SELinux rule has been added to resolve this issue.

Comment 9 errata-xmlrpc 2011-01-13 21:50:54 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0026.html

Note You need to log in before you can comment on or make changes to this bug.