664049 – KDE: kdepim (akonadi) 4.6 currently doesn't work w. confined domains

Bug 664049 - KDE: kdepim (akonadi) 4.6 currently doesn't work w. confined domains

Summary: KDE: kdepim (akonadi) 4.6 currently doesn't work w. confined domains

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	14
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-12-17 20:04 UTC by Carl G.
Modified:	2010-12-28 20:56 UTC (History)
CC List:	3 users (show)
Fixed In Version:	selinux-policy-3.9.7-19.fc14
Clone Of:
Environment:
Last Closed:	2010-12-28 20:56:49 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Carl G. 2010-12-17 20:04:20 UTC

That's what i got after disabling the dontaudit rules:

type=AVC msg=audit(1292615925.298:170): avc:  denied  { getattr } for  pid=3339 comm="akonadiserver" path="/usr/libexec/mysqld" dev=dm-1 ino=18961 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1292615925.298:170): arch=c000003e syscall=4 success=yes exit=0 a0=a4ba28 a1=a476e8 a2=a476e8 a3=e9 items=0 ppid=3337 pid=3339 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="akonadiserver" exe="/usr/bin/akonadiserver" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1292615925.314:171): avc:  denied  { execute } for  pid=3342 comm="akonadiserver" name="mysqld" dev=dm-1 ino=18961 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_exec_t:s0 tclass=file
type=AVC msg=audit(1292615925.314:171): avc:  denied  { read open } for  pid=3342 comm="akonadiserver" name="mysqld" dev=dm-1 ino=18961 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_exec_t:s0 tclass=file
type=AVC msg=audit(1292615925.314:171): avc:  denied  { execute_no_trans } for  pid=3342 comm="akonadiserver" path="/usr/libexec/mysqld" dev=dm-1 ino=18961 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1292615925.314:171): arch=c000003e syscall=59 success=yes exit=0 a0=a49e30 a1=a48ee0 a2=7fffb4bae178 a3=7fffb4bac7e0 items=0 ppid=3339 pid=3342 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="mysqld" exe="/usr/libexec/mysqld" subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)

Comment 1 Daniel Walsh 2010-12-17 20:41:34 UTC

Is this a mysqld database that runs under the users domain?  Under the current Users UID?

Comment 2 Kevin Kofler 2010-12-17 22:31:03 UTC

Yes, that's how Akonadi works.

Comment 3 Daniel Walsh 2010-12-20 21:40:39 UTC

Miroslav lets add

optional_policy(`
	mysql_exec(staff_t)
')

Comment 4 Miroslav Grepl 2010-12-22 12:17:58 UTC

Fixed in selinux-policy-3.9.7-19.fc14

Comment 5 Fedora Update System 2010-12-22 15:31:49 UTC

selinux-policy-3.9.7-19.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-19.fc14

Comment 6 Fedora Update System 2010-12-22 19:49:59 UTC

selinux-policy-3.9.7-19.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-19.fc14

Comment 7 Fedora Update System 2010-12-28 20:56:39 UTC

selinux-policy-3.9.7-19.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.