Bug 756811 - mcelog generates AVCs on mcelog.pid
Summary: mcelog generates AVCs on mcelog.pid
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: mcelog
Version: 19
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Prarit Bhargava
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 756812
Blocks:
Reported: 2011-11-24 16:57 UTC by David Jaša
Modified: 2013-08-14 14:52 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-14 14:52:34 UTC
Type: ---



Description David Jaša 2011-11-24 16:57:29 UTC
Description of problem:
On freshly installed Fedora rawhide, mcelog generates these three kinds of AVCs:

1. if file /var/run/mcelog.pid is not present:
type=AVC msg=audit(1322149270.300:18): avc:  denied  { create } for  pid=650 comm="mcelog" name="mcelog.pid" scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

2. if create is allowed then this one pops up:
type=AVC msg=audit(1322146088.957:78): avc:  denied  { write open } for  pid=1163 comm="mcelog" name="mcelog.pid" dev=tmpfs ino=19164 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

3. if file is created manually (IIRC)
type=AVC msg=audit(1322146909.437:126): avc:  denied  { unlink } for  pid=1163 comm="mcelog" name="mcelog.pid" dev=tmpfs ino=19164 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file

Version-Release number of selected component (if applicable):
mcelog-1.0-0.3.6e4e2a00.fc17.x86_64

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 David Jaša 2011-11-24 17:44:39 UTC
After further investigation, it seems that the only problem is wrong context on /var/run/mcelog.pid; once it is fixed, AVCs disappear. Closing as not a bug.
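
Added example, not part of the original thread or of mcelog/selinux-policy: a small parser that groups the AVC records quoted in this report by source type, target type and object, and flags the case where every denial hits one file carrying the generic var_run_t label, which points to a labelling problem rather than to missing allow rules. The function names and the GENERIC_TYPES set are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# AVC records copied from the description and comment 3 of this report.
AVC_LINES = [
    'type=AVC msg=audit(1322149270.300:18): avc:  denied  { create } for  pid=650 comm="mcelog" name="mcelog.pid" scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file',
    'type=AVC msg=audit(1322146088.957:78): avc:  denied  { write open } for  pid=1163 comm="mcelog" name="mcelog.pid" dev=tmpfs ino=19164 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file',
    'type=AVC msg=audit(1322146909.437:126): avc:  denied  { unlink } for  pid=1163 comm="mcelog" name="mcelog.pid" dev=tmpfs ino=19164 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file',
    'type=AVC msg=audit(1322130010.286:5664): avc:  denied  { getattr } for  pid=14989 comm="mcelog" path="/run/mcelog.pid" dev=tmpfs ino=27703564 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption for this example: directory-default types treated as "generic".
GENERIC_TYPES = {'var_run_t'}

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'}.issubset(rec):
        return None
    rec['perms'] = m.group('perms').split()
    # SELinux contexts are user:role:type:level; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def summarize(lines):
    """Map (source type, target type, class, object name) -> denied perms."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        obj = (rec.get('path') or rec.get('name', '?')).rsplit('/', 1)[-1]
        groups[(rec['stype'], rec['ttype'], rec['tclass'], obj)].update(rec['perms'])
    return dict(groups)

def mislabel_suspects(lines):
    """Return {object: sorted perms} for denials whose target type is generic."""
    return {key[3]: sorted(perms)
            for key, perms in summarize(lines).items()
            if key[1] in GENERIC_TYPES}

if __name__ == '__main__':
    for obj, perms in mislabel_suspects(AVC_LINES).items():
        print(f'{obj}: generic target label, denied {" ".join(perms)}')
```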

Comment 2 Daniel Walsh 2011-11-29 02:27:35 UTC
Fixed in rawhide.

Comment 3 Carl G. 2011-12-04 11:46:07 UTC
What about F16?

https://bugzilla.redhat.com/show_bug.cgi?id=757041

^ "type=AVC msg=audit(1322130010.286:5664): avc:  denied  { getattr } for  pid=14989 comm="mcelog" path="/run/mcelog.pid" dev=tmpfs ino=27703564 scontext=system_u:system_r:mcelog_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file"

Comment 4 Daniel Walsh 2011-12-05 14:55:30 UTC
Fixed there also, yum update

Comment 5 Charlie Brady 2012-01-17 16:10:07 UTC
(In reply to comment #3)
> What about F16?

Seen also in F15.

> Closing as not a bug.

Seriously?

Comment 6 Daniel Walsh 2012-01-17 16:33:23 UTC
You are seeing this bug in F16 and F15?

Comment 7 Daniel Walsh 2012-01-17 16:35:35 UTC
On my F16 box I see them labeled correctly.

selinux-policy-3.10.0-71

Comment 8 Fedora End Of Life 2013-04-03 19:57:10 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

Comment 9 Prarit Bhargava 2013-08-14 12:26:00 UTC
Should this be open or closed at this point?

P.

