Bug 684067 - SELinux is preventing /usr/libexec/hald-addon-storage from 'read' accesses on the lnk_file /etc/mtab.
Summary: SELinux is preventing /usr/libexec/hald-addon-storage from 'read' accesses on...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 15
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:eee29be64c6...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-11 01:45 UTC by Horst H. von Brand
Modified: 2011-03-19 21:29 UTC (History)
4 users (show)

Fixed In Version: selinux-policy-3.9.16-5.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-19 05:53:56 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Horst H. von Brand 2011-03-11 01:45:47 UTC 
SELinux is preventing /usr/libexec/hald-addon-storage from 'read' accesses on the lnk_file /etc/mtab.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that hald-addon-storage should be allowed read access on the mtab lnk_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep hald-addon-stor /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:hald_t:s0
Target Context                system_u:object_r:etc_runtime_t:s0
Target Objects                /etc/mtab [ lnk_file ]
Source                        hald-addon-stor
Source Path                   /usr/libexec/hald-addon-storage
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           hal-storage-addon-0.5.14-6.fc15
Target RPM Packages           util-linux-2.19-3.fc15
Policy RPM                    selinux-policy-3.9.16-1.fc15
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.38-0.rc8.git0.1.fc15.x86_64 #1 SMP Tue Mar 8
                              08:22:15 UTC 2011 x86_64 x86_64
Alert Count                   2716
First Seen                    Wed 09 Mar 2011 11:10:41 PM CLST
Last Seen                     Thu 10 Mar 2011 10:44:50 PM CLST
Local ID                      a7a7c4c2-c2fd-453c-9178-7f45df07aca5

Raw Audit Messages
type=AVC msg=audit(1299807890.382:2941): avc:  denied  { read } for  pid=3506 comm="hald-addon-stor" name="mtab" dev=dm-0 ino=41 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1299807890.382:2941): arch=x86_64 syscall=open success=no exit=EACCES a0=40441a a1=0 a2=1b6 a3=0 items=0 ppid=3456 pid=3506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=hald-addon-stor exe=/usr/libexec/hald-addon-storage subj=system_u:system_r:hald_t:s0 key=(null)

Hash: hald-addon-stor,hald_t,etc_runtime_t,lnk_file,read

audit2allow

#============= hald_t ==============
allow hald_t etc_runtime_t:lnk_file read;

audit2allow -R

#============= hald_t ==============
allow hald_t etc_runtime_t:lnk_file read;
Comment 1 Miroslav Grepl 2011-03-11 11:17:31 UTC 
Fixed in selinux-policy-3.9.16-4.fc15
Comment 2 Fedora Update System 2011-03-17 15:28:47 UTC 
selinux-policy-3.9.16-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-5.fc15
Comment 3 Fedora Update System 2011-03-19 05:52:59 UTC 
selinux-policy-3.9.16-5.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.