Bug 908590 - SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/sbin/mdadm.
Summary: SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/...
Keywords:
Status: CLOSED DUPLICATE of bug 901921
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: i686
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:b2f9518f9294d864ac1ed829d0f...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-02-07 05:05 UTC by MKG
Modified: 2013-02-07 08:55 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-02-07 08:55:40 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: type (9 bytes, text/plain)
2013-02-07 05:06 UTC, MKG
no flags Details
File: hashmarkername (14 bytes, text/plain)
2013-02-07 05:06 UTC, MKG
no flags Details

Description MKG 2013-02-07 05:05:48 UTC
Additional info:
libreport version: 2.0.18
kernel:         3.7.3-101.fc17.i686

description:
:SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/sbin/mdadm.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that bash should be allowed execute access on the mdadm file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep sh /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:logwatch_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:mdadm_exec_t:s0
:Target Objects                /usr/sbin/mdadm [ file ]
:Source                        sh
:Source Path                   /usr/bin/bash
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           bash-4.2.39-2.fc17.i686
:Target RPM Packages           mdadm-3.2.6-7.fc17.i686
:Policy RPM                    selinux-policy-3.10.0-166.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.7.3-101.fc17.i686 #1 SMP Fri Jan
:                              18 17:52:48 UTC 2013 i686 i686
:Alert Count                   13
:First Seen                    2013-02-03 03:50:05 CET
:Last Seen                     2013-02-07 03:11:08 CET
:Local ID                      fba6e9a9-5e60-4504-96f5-327056813365
:
:Raw Audit Messages
:type=AVC msg=audit(1360203068.545:299): avc:  denied  { execute } for  pid=11039 comm="sh" name="mdadm" dev="dm-1" ino=146095 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mdadm_exec_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1360203068.545:299): arch=i386 syscall=access success=no exit=EACCES a0=8df2ea8 a1=1 a2=4cb73ff4 a3=0 items=0 ppid=11038 pid=11039 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=33 tty=(none) comm=sh exe=/usr/bin/bash subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
:
:Hash: sh,logwatch_t,mdadm_exec_t,file,execute
:
:audit2allow
:
:#============= logwatch_t ==============
:allow logwatch_t mdadm_exec_t:file execute;
:
:audit2allow -R
:
:#============= logwatch_t ==============
:allow logwatch_t mdadm_exec_t:file execute;
:


Potential duplicate bug: 901469

Comment 1 MKG 2013-02-07 05:06:46 UTC
Created attachment 694246 [details]
File: type

Comment 2 MKG 2013-02-07 05:06:49 UTC
Created attachment 694247 [details]
File: hashmarkername

Comment 3 Miroslav Grepl 2013-02-07 08:55:40 UTC

*** This bug has been marked as a duplicate of bug 901921 ***


Note You need to log in before you can comment on or make changes to this bug.