RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 751472 - cannot update faillock in MLS when using sudo
Summary: cannot update faillock in MLS when using sudo
Keywords:
Status: CLOSED DUPLICATE of bug 750869
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-04 20:26 UTC by Josh
Modified: 2011-11-07 09:03 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-07 09:03:51 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Josh 2011-11-04 20:26:11 UTC 
Description of problem:
faillock cannot be updated when you log in at any level above s0 and try to sudo

Version-Release number of selected component (if applicable):
3.7.19-123.el6.noarch

How reproducible:
always

Steps to Reproduce:
1. add faillock to /etc/pam.d/system-auth
2. ssh user/staff_r/s15:c0.c1023@localhost
3. sudo -i -r sysadm_r # with invalid password
  
Actual results:
faillock is not updated

Expected results:
faillock is updated

Additional info:
faillock is updated if you log in as s0-s15:c0.c1023

time->Fri Nov  4 16:23:15 2011
type=PATH msg=audit(1320438195.222:360507): item=0 name="/var/run/faillock/user" inode=9831173 dev=fd:00 mode=0100600 ouid=500 ogid=0 rdev=00:00 obj=system_u:object_r:faillog_t:s0
type=CWD msg=audit(1320438195.222:360507):  cwd="/home/user"
type=SYSCALL msg=audit(1320438195.222:360507): arch=c000003e syscall=2 success=no exit=-13 a0=7fc3b7699fe0 a1=2 a2=180 a3=8 items=1 ppid=21819 pid=21854 auid=500 uid=0 gid=502 euid=0 suid=0 fsuid=0 egid=502 sgid=502 fsgid=502 tty=pts0 ses=95 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s15:c0.c1023 key="access"
type=AVC msg=audit(1320438195.222:360507): avc:  denied  { write } for  pid=21854 comm="sudo" name="user" dev=dm-0 ino=9831173 scontext=staff_u:staff_r:staff_sudo_t:s15:c0.c1023 tcontext=system_u:object_r:faillog_t:s0 tclass=file
Comment 2 Miroslav Grepl 2011-11-07 09:03:51 UTC 

*** This bug has been marked as a duplicate of bug 750869 ***
Note You need to log in before you can comment on or make changes to this bug.