Hide Forgot
Description of problem: Selinux is preventing kadmin from setched operation. Even though this denial has (probably) not any harmfull effect (i.e. everything works fine), I am quite sure that the test triggering this AVC does not do anything specific or unsual and hence there is probably missing rule / transition in the policy. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.7.19-84.el6.noarch selinux-policy-3.7.19-84.el6.noarch How reproducible: Always. Steps to Reproduce: 1. Run RHTS test /CoreOS/openldap/Sanity/integration-kerberos. 2. Run ausearch -m AVC -ts recent. Actual results: type=AVC msg=audit(1303374113.787:46063): avc: denied { setsched } for pid=6402 comm="kadmind" scontext=unconfined_u:system_r:kadmind_t:s0 tcontext=unconfined_u:system_r:kadmind_t:s0 tclass=process Expected results: No AVC. Additional info: I am not sure if such a reproducer is correct. If not, I will be more than happy to provide a more detailed one. Just ask.
I fixed this in F15 and F16 policy. Needs back port to RHEL5 and RHEL6 as well as F14
Fixed in selinux-policy-3.7.19-96.el6
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1511.html