Bug 713520 - AVC denial on prelink: /dev/console read and append
Summary: AVC denial on prelink: /dev/console read and append
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: i686
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-06-15 16:23 UTC by Jerry James
Modified: 2012-02-10 08:48 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-10 08:48:26 UTC
Type: ---


Attachments (Terms of Use)

Description Jerry James 2011-06-15 16:23:03 UTC
Description of problem:
Due to some problems booting all the way to gdm (the system tends to hang), I'm doing some maintenance in a shell spawned by passing "single" on the kernel boot line.  I did a "yum upgrade", and am now seeing lots of denials like this one:

[  252.359429] type=1400 audit(1308154283.833:99): avc:  denied  { read append } for  pid=1024 comm="prelink" path="/dev/console" dev=devtmpfs ino=5213 scontext=system_u:system_r:prelink_t:s0 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file

The upgrade appeared to complete normally.

Version-Release number of selected component (if applicable):
selinux-policy-3.9.16-28.fc16.noarch
selinux-policy-targeted-3.9.16-28.fc16.noarch
prelink-0.4.5-2.fc16.i686

How reproducible:
Don't know.  Only tried once.

Steps to Reproduce:
1. Boot with "single" on the kernel command line.
2. Have at least one out of date package installed.
3. yum upgrade
  
Actual results:
The upgrade appeared to complete normally, but I saw multiple instances of the AVC denial shown above while the new packages were being installed.

Expected results:
No AVC denials.

Additional info:

Comment 1 Daniel Walsh 2011-06-15 18:08:55 UTC
Fixed in selinux-policy-3.9.16-30.fc15


Note You need to log in before you can comment on or make changes to this bug.