744598 – SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/media0.

Bug 744598 - SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/media0.

Summary: SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	16
Hardware:	i686
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:940eadf5dff9a96d3c0fe360ea7...
Duplicates (17):	744599 744600 744601 744602 744603 744604 744605 744606 744607 744608 744609 744610 744611 744612 744613 744614 744615 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-10-09 16:58 UTC by jiker
Modified:	2011-10-11 18:57 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-10-10 13:04:50 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description jiker 2011-10-09 16:58:46 UTC

libreport version: 2.0.6
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.0-0.rc6.git0.3.fc16.i686
reason:         SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/media0.
time:           Sun Oct  9 18:58:28 2011

description:
:SELinux is preventing /usr/bin/passwd from 'getattr' accesses on the chr_file /dev/media0.
:
:*****  Plugin device (91.4 confidence) suggests  *****************************
:
:If vous souhaitez autoriser passwd à accéder à getattr sur media0 chr_file
:Then you need to change the label on /dev/media0 to a type of a similar device.
:Do
:# semanage fcontext -a -t SIMILAR_TYPE '/dev/media0'
:# restorecon -v '/dev/media0'
:
:*****  Plugin catchall (9.59 confidence) suggests  ***************************
:
:If you believe that passwd should be allowed getattr access on the media0 chr_file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep passwd /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:device_t:s0
:Target Objects                /dev/media0 [ chr_file ]
:Source                        passwd
:Source Path                   /usr/bin/passwd
:Port                          <Inconnu>
:Host                          (removed)
:Source RPM Packages           passwd-0.78-3.fc15
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-32.fc16
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.1.0-0.rc6.git0.3.fc16.i686 #1
:                              SMP Fri Sep 16 12:22:19 UTC 2011 i686 i686
:Alert Count                   6
:First Seen                    dim. 09 oct. 2011 02:25:21 CEST
:Last Seen                     dim. 09 oct. 2011 02:25:49 CEST
:Local ID                      a1365552-315e-4caa-be71-21783c93ae71
:
:Raw Audit Messages
:type=AVC msg=audit(1318119949.919:263): avc:  denied  { getattr } for  pid=1633 comm="passwd" path="/dev/media0" dev=devtmpfs ino=7815 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
:
:
:type=SYSCALL msg=audit(1318119949.919:263): arch=i386 syscall=stat64 success=no exit=EACCES a0=bfa190cc a1=bfa14a70 a2=4c9f5ff4 a3=8424ad4 items=0 ppid=1577 pid=1633 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm=passwd exe=/usr/bin/passwd subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 key=(null)
:
:Hash: passwd,passwd_t,device_t,chr_file,getattr
:
:audit2allow
:
:#============= passwd_t ==============
:allow passwd_t device_t:chr_file getattr;
:
:audit2allow -R
:
:#============= passwd_t ==============
:allow passwd_t device_t:chr_file getattr;
:

Comment 1 Miroslav Grepl 2011-10-10 08:44:45 UTC

Please update your system. This is fixed in the latest policy.

# yum update


Also if you see issues which are similar like your AVC msgs, could you open just one bugzilla for them and tell us you have a lot of these AVC msgs.

Comment 2 Miroslav Grepl 2011-10-10 08:48:15 UTC

*** Bug 744600 has been marked as a duplicate of this bug. ***

Comment 3 Miroslav Grepl 2011-10-10 08:48:20 UTC

*** Bug 744601 has been marked as a duplicate of this bug. ***

Comment 4 Miroslav Grepl 2011-10-10 08:48:25 UTC

*** Bug 744602 has been marked as a duplicate of this bug. ***

Comment 5 Miroslav Grepl 2011-10-10 08:48:32 UTC

*** Bug 744603 has been marked as a duplicate of this bug. ***

Comment 6 Miroslav Grepl 2011-10-10 08:48:37 UTC

*** Bug 744604 has been marked as a duplicate of this bug. ***

Comment 7 Miroslav Grepl 2011-10-10 08:48:42 UTC

*** Bug 744605 has been marked as a duplicate of this bug. ***

Comment 8 Miroslav Grepl 2011-10-10 08:49:30 UTC

*** Bug 744606 has been marked as a duplicate of this bug. ***

Comment 9 Miroslav Grepl 2011-10-10 08:49:38 UTC

*** Bug 744607 has been marked as a duplicate of this bug. ***

Comment 10 Miroslav Grepl 2011-10-10 08:49:43 UTC

*** Bug 744608 has been marked as a duplicate of this bug. ***

Comment 11 Miroslav Grepl 2011-10-10 08:49:52 UTC

*** Bug 744609 has been marked as a duplicate of this bug. ***

Comment 12 Miroslav Grepl 2011-10-10 08:50:03 UTC

*** Bug 744610 has been marked as a duplicate of this bug. ***

Comment 13 Miroslav Grepl 2011-10-10 08:50:09 UTC

*** Bug 744611 has been marked as a duplicate of this bug. ***

Comment 14 Miroslav Grepl 2011-10-10 08:50:14 UTC

*** Bug 744612 has been marked as a duplicate of this bug. ***

Comment 15 Miroslav Grepl 2011-10-10 08:50:20 UTC

*** Bug 744613 has been marked as a duplicate of this bug. ***

Comment 16 Miroslav Grepl 2011-10-10 08:50:24 UTC

*** Bug 744614 has been marked as a duplicate of this bug. ***

Comment 17 Miroslav Grepl 2011-10-10 08:50:31 UTC

*** Bug 744615 has been marked as a duplicate of this bug. ***

Comment 18 Miroslav Grepl 2011-10-10 08:52:07 UTC

*** Bug 744599 has been marked as a duplicate of this bug. ***

Comment 19 Daniel Walsh 2011-10-11 17:56:43 UTC

jiker, if you see what looks like the same bug/AVC over and over again, please report it once and then comment in the bug that you have many similar avc's. Otherwise you waste our time and yours closing all the duplicates.  Thanks.

Comment 20 jiker 2011-10-11 18:23:42 UTC

(In reply to comment #19)
> jiker, if you see what looks like the same bug/AVC over and over again, please
> report it once and then comment in the bug that you have many similar avc's.
> Otherwise you waste our time and yours closing all the duplicates.  Thanks.

As I already said I'm sorry to have reported all that tied bugs, it's because I misunderstand a lot of things in Linux etc ...

Curently, as I have allowed SElinux to do a lot of things, I have no more SElinux alert.

You can close all the bugs I have reported accidentaly, sorry again, Jiker

Comment 21 Daniel Walsh 2011-10-11 18:57:18 UTC

No problem, enjoy Linux...

Note You need to log in before you can comment on or make changes to this bug.