Description of problem:

Version-Release number of selected component (if applicable):
selinux-policy-minimum-3.7.19-86.el6.noarch
selinux-policy-doc-3.7.19-86.el6.noarch
selinux-policy-mls-3.7.19-86.el6.noarch
selinux-policy-3.7.19-86.el6.noarch
selinux-policy-targeted-3.7.19-86.el6.noarch
scsi-target-utils-1.0.14-2.el6

How reproducible:
always

Steps to Reproduce:
# service tgtd start
Starting SCSI target daemon: [FAILED]
# service tgtd status
tgtd is stopped
# service tgtd restart
Stopping SCSI target daemon: not running[FAILED]
Starting SCSI target daemon: [FAILED]
# service tgtd status
tgtd is stopped

Actual results (enforcing mode):
----
type=SYSCALL msg=audit(04/20/2011 06:02:55.917:3260) : arch=x86_64 syscall=bind success=no exit=-13(Permission denied) a0=6 a1=7fffff669fe0 a2=6e a3=2 items=0 ppid=17717 pid=17718 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=7 comm=tgtd exe=/usr/sbin/tgtd subj=unconfined_u:system_r:tgtd_t:s0 key=(null)
type=AVC msg=audit(04/20/2011 06:02:55.917:3260) : avc: denied { write } for pid=17718 comm=tgtd name=run dev=dm-0 ino=2622195 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
type=SYSCALL msg=audit(04/20/2011 06:02:58.196:3261) : arch=x86_64 syscall=bind success=no exit=-13(Permission denied) a0=6 a1=7fffd5b50d30 a2=6e a3=2 items=0 ppid=17765 pid=17766 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=7 comm=tgtd exe=/usr/sbin/tgtd subj=unconfined_u:system_r:tgtd_t:s0 key=(null)
type=AVC msg=audit(04/20/2011 06:02:58.196:3261) : avc: denied { write } for pid=17766 comm=tgtd name=run dev=dm-0 ino=2622195 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----

Actual results (permissive mode):
----
time->Wed Apr 20 06:03:48 2011
type=SYSCALL msg=audit(1303293828.107:3263): arch=c000003e syscall=49 success=yes exit=0 a0=6 a1=7fffa3f08e70 a2=6e a3=2 items=0 ppid=18110 pid=18111 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=7 comm="tgtd" exe="/usr/sbin/tgtd" subj=unconfined_u:system_r:tgtd_t:s0 key=(null)
type=AVC msg=audit(1303293828.107:3263): avc: denied { create } for pid=18111 comm="tgtd" name="tgtd.ipc_abstract_namespace.0" scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1303293828.107:3263): avc: denied { add_name } for pid=18111 comm="tgtd" name="tgtd.ipc_abstract_namespace.0" scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=AVC msg=audit(1303293828.107:3263): avc: denied { write } for pid=18111 comm="tgtd" name="run" dev=dm-0 ino=2622195 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
time->Wed Apr 20 06:03:50 2011
type=SYSCALL msg=audit(1303293830.622:3265): arch=c000003e syscall=87 success=yes exit=0 a0=7fffe6a0bc00 a1=4309fa a2=26 a3=7fffe6a0b980 items=0 ppid=18171 pid=18172 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=7 comm="tgtd" exe="/usr/sbin/tgtd" subj=unconfined_u:system_r:tgtd_t:s0 key=(null)
type=AVC msg=audit(1303293830.622:3265): avc: denied { unlink } for pid=18172 comm="tgtd" name="tgtd.ipc_abstract_namespace.0" dev=dm-0 ino=2623284 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1303293830.622:3265): avc: denied { remove_name } for pid=18172 comm="tgtd" name="tgtd.ipc_abstract_namespace.0" dev=dm-0 ino=2623284 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----

Expected results:
no AVCs
I added fixes to F15. I am adding it to RHEL6.
Fixed in selinux-policy-3.7.19-87.el6
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0526.html