Bug 860946 - SELinux is preventing /usr/sbin/tmpwatch from read access on the directory /.
SELinux is preventing /usr/sbin/tmpwatch from read access on the directory /.
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
16
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-27 03:31 EDT by Barbara
Modified: 2013-02-13 21:02 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-13 21:02:15 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Barbara 2012-09-27 03:31:08 EDT
Description of problem:
SELinux reported the message on the summary

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Miroslav Grepl 2012-09-27 13:29:34 EDT
Could you attach AVC msgs?

# ausearch -m avc

Thank you.
Comment 2 Barbara 2012-09-29 07:27:41 EDT
time->Thu Sep 27 09:13:15 2012
type=SYSCALL msg=audit(1348729995.405:129): arch=c000003e syscall=2 success=no exit=-13 a0=4045eb a1=0 a2=3e83fb3a90 a3=0 items=0 ppid=2476 pid=2497 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1348729995.405:129): avc:  denied  { read } for  pid=2497 comm="tmpwatch" name="/" dev="sda5" ino=2 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mnt_t:s0 tclass=dir

This message is reapeated 23 times on Sep 27, but running that command I just noticed that I have it starting from Jul 28.
Comment 4 Fedora Update System 2012-11-13 13:30:48 EST
selinux-policy-3.10.0-96.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-96.fc16
Comment 5 Fedora Update System 2012-11-14 21:43:08 EST
Package selinux-policy-3.10.0-96.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-96.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-18243/selinux-policy-3.10.0-96.fc16
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2012-11-19 21:58:16 EST
selinux-policy-3.10.0-96.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Barbara 2012-12-03 05:57:17 EST
$ rpm -qa -last | grep selinux-policy
selinux-policy-targeted-3.10.0-96.fc16        Thu 22 Nov 2012 09:53:07 AM CET
selinux-policy-3.10.0-96.fc16                 Thu 22 Nov 2012 09:52:41 AM CET

It seems that the problem still exists.
I received an alter also about find.
As for tmpwatch, the first message about find is from Jul 28.

time->Mon Dec  3 11:44:02 2012
type=SYSCALL msg=audit(1354531442.250:136): arch=c000003e syscall=2 success=no exit=-13 a0=4045eb a1=0 a2=3e83fb3a90 a3=0 items=0 ppid=2383 pid=2385 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1354531442.250:136): avc:  denied  { read } for  pid=2385 comm="tmpwatch" name="/" dev="sda5" ino=2 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
----
time->Mon Dec  3 11:46:51 2012
type=SYSCALL msg=audit(1354531611.283:139): arch=c000003e syscall=2 success=no exit=-13 a0=426467 a1=0 a2=0 a3=10 items=0 ppid=30209 pid=30210 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="find" exe="/bin/find" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1354531611.283:139): avc:  denied  { read } for  pid=30210 comm="find" name="/" dev="sda5" ino=2 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
Comment 8 Fedora End Of Life 2013-02-13 21:02:24 EST
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.