Bug 800785 - avc: denied { write } for pid=19624 comm="passwd"
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.3
Hardware: Unspecified Unspecified
Priority: unspecified
Severity: medium
Target Milestone: rc
Assigned To: Miroslav Grepl
QA Contact: BaseOS QE Security Team
Reported: 2012-03-07 04:02 EST by Michal Nowak
Modified: 2013-03-07 21:13 EST
Doc Type: Bug Fix
Last Closed: 2012-03-07 07:11:55 EST


Description Michal Nowak 2012-03-07 04:02:01 EST
Description of problem:

Just found it in log http://beaker-archive.app.eng.bos.redhat.com/beaker-logs/2012/03/2009/200943/426298/4779846/26331681/test_log-Setup-avc.log when running

useradd abrt-suid-test -M
echo "kokotice" | passwd abrt-suid-test --stdin

type=AVC msg=audit(1331109716.691:214428): avc:  denied  { write } for  pid=19624 comm="passwd" path="/tmp/abrt-testsuite/test/bz783450-setuid-core-owned-by-root/full.log" dev=dm-0 ino=2229049 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

type=AVC msg=audit(1331109716.691:214428): avc:  denied  { write } for  pid=19624 comm="passwd" path="/tmp/abrt-testsuite/test/bz783450-setuid-core-owned-by-root/full.log" dev=dm-0 ino=2229049 scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file

Version-Release number of selected component (if applicable):

selinux-policy-3.7.19-138.el6.noarch
Comment 2 Miroslav Grepl 2012-03-07 06:02:53 EST
This is a test issue with beaker/passwd which is caused by 

$RUNNER_SCRIPT $test &> $logfile

You will need to change a label for full.log to make this work as you need.


$ sesearch -A -s passwd_t -c file -p write
Comment 3 Milos Malik 2012-03-07 06:31:17 EST
Please run "restorecon -Rv /etc" on that machine.

rlFileRestore() is the culprit.
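
Added example, not part of any comment in this bug: a Python sketch that parses the AVC record from the description, rebuilds the sesearch query shown in comment 2 from it, and flags denials that look like they hit a descriptor the process inherited, as happens with `$RUNNER_SCRIPT $test &> $logfile`. The function names are hypothetical and the inherited-descriptor check is a heuristic assumption, not an SELinux API.

```python
import re
import shlex

# AVC record copied from the bug description.
SAMPLE = ('type=AVC msg=audit(1331109716.691:214428): avc:  denied  { write } for  '
          'pid=19624 comm="passwd" path="/tmp/abrt-testsuite/test/'
          'bz783450-setuid-core-owned-by-root/full.log" dev=dm-0 ino=2229049 '
          'scontext=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 '
          'tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Permissions that are checked on an already-open file (assumed set for the heuristic).
FD_PERMS = {'read', 'write', 'append', 'getattr', 'ioctl'}

def parse_avc(line):
    """Return the AVC fields as a dict, or None if the line is not a usable AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not all(k in rec for k in ('scontext', 'tcontext', 'tclass')):
        return None
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; the level itself may contain ':'.
    rec['stype'] = rec['scontext'].split(':', 3)[2]
    rec['ttype'] = rec['tcontext'].split(':', 3)[2]
    return rec

def sesearch_query(rec, with_target=False):
    """Build the allow-rule query for the denied access (same form as in comment 2)."""
    args = ['sesearch', '-A', '-s', rec['stype']]
    if with_target:
        args += ['-t', rec['ttype']]  # narrow the search to the denied target type
    args += ['-c', rec['tclass'], '-p', ','.join(rec['perms'])]
    return ' '.join(shlex.quote(a) for a in args)

def looks_like_inherited_fd(rec):
    """Heuristic: a full path= and no 'open' permission suggest the file was opened
    by a parent (for example a shell redirection) and passed to the confined domain."""
    perms = set(rec['perms'])
    return 'path' in rec and 'open' not in perms and perms <= FD_PERMS

if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(rec['comm'], rec['stype'], '->', rec['ttype'], rec['perms'])
    print(sesearch_query(rec))
    print('inherited descriptor suspected:', looks_like_inherited_fd(rec))
```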
