Bug 657449 - selinux alert
Summary: selinux alert
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: 0xFFFF
Version: 13
Hardware: i686
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-26 05:54 UTC by Jason M. Christos
Modified: 2010-12-02 10:08 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-01 15:51:41 UTC
Type: ---


Attachments (Terms of Use)
denials (1.41 KB, text/plain)
2010-11-29 13:38 UTC, Jason M. Christos
no flags Details

Description Jason M. Christos 2010-11-26 05:54:58 UTC
Description of problem: i dont understand selinux yet


Version-Release number of selected component (if applicable):


How reproducible: update selinux policy???


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:

no selinux alerts

Additional info:

Comment 1 Miroslav Grepl 2010-11-28 23:03:05 UTC
Are you seeing any AVC messages in sealert? 

If so, please attach and reopen the bug.

Comment 2 Jason M. Christos 2010-11-29 13:38:49 UTC
Created attachment 463484 [details]
denials

semod denial on update to leak in temp file

Comment 3 Jason M. Christos 2010-11-29 13:39:37 UTC
i attached a txt file including avc denials to leaked file descriptor in semod

Comment 4 Miroslav Grepl 2010-12-01 15:51:41 UTC
Jason,
how is labeled /usr/libexec/packagekitd?

# ls -Z /usr/libexec/packagekitd


Should be

# ls -Z /usr/libexec/packagekitd 
-rwxr-xr-x. root root system_u:object_r:rpm_exec_t:s0  /usr/libexec/packagekitd


If your label is different (I mean "rpm_exec_t" label), execute

# restorecon -R -v /usr/libexec/packagekitd

Which will fix the bad label. If I am wrong and your label is correct, please reopen the bug.

Comment 5 Jason M. Christos 2010-12-02 10:08:28 UTC
you were right -rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/libexec/packagekitd


Note You need to log in before you can comment on or make changes to this bug.