Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHBA-2011-0526.html
Description of problem: Version-Release number of selected component (if applicable): selinux-policy-minimum-3.7.19-86.el6.noarch selinux-policy-doc-3.7.19-86.el6.noarch selinux-policy-mls-3.7.19-86.el6.noarch selinux-policy-3.7.19-86.el6.noarch selinux-policy-targeted-3.7.19-86.el6.noarch scsi-target-utils-1.0.14-2.el6 How reproducible: always Steps to Reproduce: # service tgtd start Starting SCSI target daemon: [FAILED] # service tgtd status tgtd is stopped # service tgtd restart Stopping SCSI target daemon: not running[FAILED] Starting SCSI target daemon: [FAILED] # service tgtd status tgtd is stopped Actual results (enforcing mode): ---- type=SYSCALL msg=audit(04/20/2011 06:02:55.917:3260) : arch=x86_64 syscall=bind success=no exit=-13(Permission denied) a0=6 a1=7fffff669fe0 a2=6e a3=2 items=0 ppid=17717 pid=17718 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=7 comm=tgtd exe=/usr/sbin/tgtd subj=unconfined_u:system_r:tgtd_t:s0 key=(null) type=AVC msg=audit(04/20/2011 06:02:55.917:3260) : avc: denied { write } for pid=17718 comm=tgtd name=run dev=dm-0 ino=2622195 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir ---- type=SYSCALL msg=audit(04/20/2011 06:02:58.196:3261) : arch=x86_64 syscall=bind success=no exit=-13(Permission denied) a0=6 a1=7fffd5b50d30 a2=6e a3=2 items=0 ppid=17765 pid=17766 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=7 comm=tgtd exe=/usr/sbin/tgtd subj=unconfined_u:system_r:tgtd_t:s0 key=(null) type=AVC msg=audit(04/20/2011 06:02:58.196:3261) : avc: denied { write } for pid=17766 comm=tgtd name=run dev=dm-0 ino=2622195 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir ---- Actual results (permissive mode): ---- time->Wed Apr 20 06:03:48 2011 type=SYSCALL msg=audit(1303293828.107:3263): arch=c000003e syscall=49 success=yes exit=0 a0=6 a1=7fffa3f08e70 a2=6e a3=2 items=0 ppid=18110 pid=18111 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=7 comm="tgtd" exe="/usr/sbin/tgtd" subj=unconfined_u:system_r:tgtd_t:s0 key=(null) type=AVC msg=audit(1303293828.107:3263): avc: denied { create } for pid=18111 comm="tgtd" name="tgtd.ipc_abstract_namespace.0" scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file type=AVC msg=audit(1303293828.107:3263): avc: denied { add_name } for pid=18111 comm="tgtd" name="tgtd.ipc_abstract_namespace.0" scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=AVC msg=audit(1303293828.107:3263): avc: denied { write } for pid=18111 comm="tgtd" name="run" dev=dm-0 ino=2622195 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir ---- time->Wed Apr 20 06:03:50 2011 type=SYSCALL msg=audit(1303293830.622:3265): arch=c000003e syscall=87 success=yes exit=0 a0=7fffe6a0bc00 a1=4309fa a2=26 a3=7fffe6a0b980 items=0 ppid=18171 pid=18172 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=7 comm="tgtd" exe="/usr/sbin/tgtd" subj=unconfined_u:system_r:tgtd_t:s0 key=(null) type=AVC msg=audit(1303293830.622:3265): avc: denied { unlink } for pid=18172 comm="tgtd" name="tgtd.ipc_abstract_namespace.0" dev=dm-0 ino=2623284 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file type=AVC msg=audit(1303293830.622:3265): avc: denied { remove_name } for pid=18172 comm="tgtd" name="tgtd.ipc_abstract_namespace.0" dev=dm-0 ino=2623284 scontext=unconfined_u:system_r:tgtd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir ---- Expected results: no AVCs