Bug 965639 - radiusd cannot write to tmp
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
7.0
All Linux
medium Severity medium
: beta
: ---
Assigned To: Miroslav Grepl
Eduard Benes
: Regression
Depends On:
Blocks:
Reported: 2013-05-21 09:01 EDT by Patrik Kis
Modified: 2014-06-17 22:21 EDT

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1017107
Environment:
Last Closed: 2014-06-13 05:32:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Patrik Kis 2013-05-21 09:01:48 EDT
Description of problem:
The following AVC denial appears when radiusd integrated with kerberos is trying to authenticate a user.

time->Tue May 21 14:56:40 2013
type=SYSCALL msg=audit(1369141000.248:583): arch=c000003e syscall=87 success=no exit=-13 a0=7f77e4001900 a1=ffffffff a2=7f77e4001900 a3=7f77ec0eb830 items=0 ppid=1 pid=4191 auid=4294967295 uid=95 gid=95 euid=95 suid=95 fsuid=95 egid=95 sgid=95 fsgid=95 ses=4294967295 tty=(none) comm="radiusd" exe="/usr/sbin/radiusd" subj=system_u:system_r:radiusd_t:s0 key=(null)
type=AVC msg=audit(1369141000.248:583): avc:  denied  { write } for  pid=4191 comm="radiusd" name="tmp" dev="vda1" ino=566 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir


Version-Release number of selected component (if applicable):
selinux-policy-3.12.1-38.el7
krb5-libs-1.11.2-2.el7
freeradius-2.2.0-6.el7

How reproducible:
always

Steps to Reproduce:
1. Integrate radiusd with kerberos
2. Try to authenticate a kerberos user via radius
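
Added example (not part of the original report, and not Red Hat tooling): a small Python triage script that pairs the AVC record with the SYSCALL record sharing its audit event ID and decodes the raw fields. The lookup tables are an assumption limited to the values in this report (x86_64 syscall 87, errno 13), and the function and variable names are illustrative.

```python
import re

# The two audit records from the report above, copied verbatim.
RECORDS = [
    'type=SYSCALL msg=audit(1369141000.248:583): arch=c000003e syscall=87 success=no exit=-13 a0=7f77e4001900 a1=ffffffff a2=7f77e4001900 a3=7f77ec0eb830 items=0 ppid=1 pid=4191 auid=4294967295 uid=95 gid=95 euid=95 suid=95 fsuid=95 egid=95 sgid=95 fsgid=95 ses=4294967295 tty=(none) comm="radiusd" exe="/usr/sbin/radiusd" subj=system_u:system_r:radiusd_t:s0 key=(null)',
    'type=AVC msg=audit(1369141000.248:583): avc:  denied  { write } for  pid=4191 comm="radiusd" name="tmp" dev="vda1" ino=566 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir',
]

# Assumption: lookup tables limited to the values that occur in this report.
X86_64 = "c000003e"              # AUDIT_ARCH_X86_64
SYSCALLS_X86_64 = {87: "unlink"}
ERRNO = {13: "EACCES"}

HEAD = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+:\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")

def parse(line):
    """Split one raw audit record into type, event id and key=value fields."""
    head = HEAD.match(line.strip())
    if not head:
        return None
    body = line.strip()[head.end():]
    rec = {k: v.strip('"') for k, v in FIELD.findall(body)}
    rec.update(type=head.group(1), event=head.group(2))
    verdict = AVC.search(body)
    if verdict:
        rec.update(result=verdict.group(1), perms=verdict.group(2).split())
    return rec

def triage(lines):
    """Join each denied AVC with the SYSCALL record sharing its event id."""
    events = {}
    for rec in filter(None, map(parse, lines)):
        events.setdefault(rec["event"], {})[rec["type"]] = rec
    findings = []
    for event, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or avc["result"] != "denied":
            continue
        # Syscall numbers are per-architecture: decode only for a known arch.
        known_arch = sc.get("arch") == X86_64
        nr = int(sc["syscall"]) if known_arch and "syscall" in sc else None
        findings.append({
            "event": event, "exe": sc.get("exe"),
            "source": avc["scontext"].split(":")[2],
            "target": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"], "perms": avc["perms"], "name": avc.get("name"),
            "syscall": SYSCALLS_X86_64.get(nr, nr),
            "errno": ERRNO.get(-int(sc["exit"])) if "exit" in sc else None,
        })
    return findings
```

For the records in this report, the result shows `radiusd_t` denied `write` on a `tmp_t` directory named `tmp` during an `unlink` call that failed with `EACCES`.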
Comment 3 Miroslav Grepl 2013-05-22 03:14:29 EDT
Fixed in selinux-policy-3.12.1-46.el7
Comment 4 Lukas "krteknet" Novy 2013-07-08 12:11:27 EDT
Proposing beta blocker as this is a Regression.

Miroslav, could you please switch the state to MODIFIED if you're done with it as you stated in #c3? Thanks.
Comment 7 Ludek Smid 2014-06-13 05:32:26 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.