670730 – sectool prevented from running tests

Bug 670730 - sectool prevented from running tests

Summary: sectool prevented from running tests

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	14
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-01-19 06:00 UTC by Michael Cronenworth
Modified:	2011-01-25 20:58 UTC (History)
CC List:	2 users (show)
Fixed In Version:	selinux-policy-3.9.7-25.fc14
Clone Of:
Environment:
Last Closed:	2011-01-25 20:58:29 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Michael Cronenworth 2011-01-19 06:00:39 UTC

Description of problem: I installed sectool and attempted to start tests. After I press "Start" I get a SELINUX security alert from setroubleshoot. The offending audit message:

type=AVC msg=audit(1295413041.638:3755): avc:  denied  { sendto } for  pid=13088 comm="sectool-mechani" path="/tmp/sectool/b959224a77ee494201138d522b03795cd604ea10" scontext=system_u:system_r:sectoolm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_dgram_socket
type=SYSCALL msg=audit(1295413041.638:3755): arch=c000003e syscall=42 success=no exit=-13 a0=9 a1=7fff2b01ce70 a2=37 a3=ffffffff items=0 ppid=1 pid=13088 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sectool-mechani" exe="/usr/bin/python" subj=system_u:system_r:sectoolm_t:s0-s0:c0.c1023 key=(null)


Version-Release number of selected component (if applicable):
sectool-0.9.5-2.fc14.x86_64
selinux-policy-3.9.7-20.fc14.noarch
selinux-policy-targeted-3.9.7-20.fc14.noarch

How reproducible: Always


Steps to Reproduce:
1. Start sectool test
  
Actual results: Sectool appears to be hung, but you can stop the test attempt.


Expected results: Sectool runs tests.


Additional info:

I have generated my own policy to allow sectool to run and it is able to work with the custom policy in place.

Comment 1 Miroslav Grepl 2011-01-19 09:48:22 UTC

We need to add

userdom_dgram_send(sectoolm)

We have it in F13 policy.

Comment 2 Miroslav Grepl 2011-01-19 10:24:28 UTC

Fixed in selinux-policy-3.9.7-23.fc14

Comment 3 Fedora Update System 2011-01-20 16:04:14 UTC

selinux-policy-3.9.7-25.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-25.fc14

Comment 4 Fedora Update System 2011-01-20 19:54:39 UTC

selinux-policy-3.9.7-25.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-25.fc14

Comment 5 Fedora Update System 2011-01-25 20:57:39 UTC

selinux-policy-3.9.7-25.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.