Bug 858314 - SELinux prevents /usr/sbin/nslcd (nslcd_t) from using the sys_nice capability
SELinux prevents /usr/sbin/nslcd (nslcd_t) from using the sys_nice capability
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.0
All Linux
medium Severity medium
: rc
: ---
Assigned To: Daniel Walsh
Milos Malik
:
Depends On: 856580
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-18 11:50 EDT by Milos Malik
Modified: 2014-06-17 22:15 EDT (History)
3 users (show)

See Also:
Fixed In Version: selinux-policy-3.11.1-38.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 856580
Environment:
Last Closed: 2014-06-13 07:01:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Milos Malik 2012-09-18 11:50:24 EDT
selinux-policy-targeted-3.11.1-19.el7.noarch
selinux-policy-doc-3.11.1-19.el7.noarch
selinux-policy-minimum-3.11.1-19.el7.noarch
selinux-policy-3.11.1-19.el7.noarch
selinux-policy-devel-3.11.1-19.el7.noarch
nss-pam-ldapd-0.7.17-1.el7.x86_64

Steps to reproduce:
 * get a RHEL-7 machine where targeted policy is active
 * run following automated test: /CoreOS/openldap/Sanity/integration-nss-pam-ldapd
 * search for AVCs

Actual results:
----
type=SYSCALL msg=audit(09/18/2012 17:37:53.702:1294) : arch=x86_64 syscall=sched_setscheduler success=yes exit=0 a0=0x3d4b a1=0x0 a2=0x7fff290e73c0 a3=0x7fff290e7120 items=0 ppid=1 pid=15691 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=nslcd exe=/usr/sbin/nslcd subj=system_u:system_r:nslcd_t:s0 key=(null) 
type=AVC msg=audit(09/18/2012 17:37:53.702:1294) : avc:  denied  { sys_nice } for  pid=15691 comm=nslcd capability=sys_nice  scontext=system_u:system_r:nslcd_t:s0 tcontext=system_u:system_r:nslcd_t:s0 tclass=capability 
----

Expected results:
 * no AVCs
Comment 1 Daniel Walsh 2012-10-12 16:31:44 EDT
Fixed in selinux-policy-3.11.1-38.el7
Comment 3 Ludek Smid 2014-06-13 07:01:15 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.