Bug 742448 - AVC for prelink
Summary: AVC for prelink
Status: CLOSED DUPLICATE of bug 680204
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
Reported: 2011-09-30 07:50 UTC by Jan Hutař
Modified: 2012-02-28 16:02 UTC (History)

Doc Type: Bug Fix
Last Closed: 2012-02-28 16:02:18 UTC


Description Jan Hutař 2011-09-30 07:50:26 UTC
Description of problem:
During execution of our tests we have seen this (multiple times):

time->Thu Sep 29 15:32:42 2011
type=SYSCALL msg=audit(1317324762.246:592298): arch=c000003e syscall=56 success=yes exit=39790 a0=1200011 a1=0 a2=0 a3=7f5df2db39d0 items=0 ppid=48267 pid=39787 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1317324762.246:592298): avc:  denied  { sys_resource } for  pid=39787 comm="prelink" capability=24  scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(1317324762.246:592298): avc:  denied  { sys_admin } for  pid=39787 comm="prelink" capability=21  scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tclass=capability


Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-113.el6.noarch
selinux-policy-targeted-3.7.19-113.el6.noarch


How reproducible:
1 of 1 attempt


Steps to Reproduce:
1. I do not know what caused it. It does not seem to be caused by our tests, but by cron running prelink.


Actual results:
AVC above


Expected results:
No AVC

Comment 3 Miroslav Grepl 2011-09-30 08:57:20 UTC
These AVCs are caused by running out of resources, usually disk space on your / partition.

Comment 4 Šimon Lukašík 2011-09-30 09:03:59 UTC
Interestingly, there is a lot of disk space left on this particular machine:

  # grep -q system_u:system_r:prelink_cron_system_t \
        /var/log/audit/audit.log && df | grep /$
                     33378088  16130308  15552244  51% /

Comment 5 Milos Malik 2011-09-30 09:34:06 UTC
syscall=56 -> syscall=clone

What about the limit for the number of processes / threads? Is it possible that the limit was reached?
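
The decoding step used in this thread (syscall=56 on arch=c000003e is clone) can be scripted for triage. The following is an added example, not part of the original bug report or of any Red Hat tooling: it groups audit records by event ID and pairs each SYSCALL record with the capabilities denied in the same event. The function name, the small syscall table and the trimmed sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the three records from the report, trimmed to the fields used here.
SAMPLE = """\
type=SYSCALL msg=audit(1317324762.246:592298): arch=c000003e syscall=56 success=yes exit=39790 pid=39787 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023
type=AVC msg=audit(1317324762.246:592298): avc:  denied  { sys_resource } for  pid=39787 comm="prelink" capability=24  scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tclass=capability
type=AVC msg=audit(1317324762.246:592298): avc:  denied  { sys_admin } for  pid=39787 comm="prelink" capability=21  scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tclass=capability
"""

# Small x86_64 (arch=c000003e) subset of process-creation syscalls; extend as needed.
X86_64_SYSCALLS = {56: "clone", 57: "fork", 58: "vfork", 59: "execve"}

HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r"denied\s+\{ ([^}]+) \}")

def summarize(log_text):
    """Group records by audit event ID and pair each SYSCALL with its AVC denials."""
    events = defaultdict(lambda: {"syscall": None, "success": None, "domain": None, "denied": []})
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue  # skip "time->" separators and anything that is not an audit record
        rtype, _timestamp, event_id = head.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        event = events[int(event_id)]
        if rtype == "SYSCALL":
            nr = int(fields["syscall"])
            known = fields.get("arch") == "c000003e" and nr in X86_64_SYSCALLS
            event["syscall"] = X86_64_SYSCALLS[nr] if known else "syscall#%d" % nr
            event["success"] = fields.get("success")
            # SELinux context is user:role:type:level; the type is the domain.
            event["domain"] = fields.get("subj", "::").split(":")[2]
        elif rtype == "AVC":
            perms = DENIED.search(line)
            if perms:
                event["denied"].extend((p, fields.get("tclass")) for p in perms.group(1).split())
    return dict(events)

if __name__ == "__main__":
    for event_id, ev in summarize(SAMPLE).items():
        print(event_id, ev["domain"], ev["syscall"], "success=" + str(ev["success"]), ev["denied"])
```

On the records from this report it shows a successful clone by prelink_cron_system_t with both sys_resource and sys_admin denied in the same event.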

Comment 6 Daniel Walsh 2011-09-30 14:40:06 UTC
Too many processes/forks?

Comment 7 RHEL Program Management 2011-10-07 16:05:53 UTC
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 9 Luigi Toscano 2012-01-26 13:35:18 UTC
Could this be a potential duplicate of rhbz680204?

Comment 10 Miroslav Grepl 2012-02-28 16:02:18 UTC

*** This bug has been marked as a duplicate of bug 680204 ***

