This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 990598 - block_suspend AVCs when starting/restarting winbind service
block_suspend AVCs when starting/restarting winbind service
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.0
All Linux
medium Severity medium
: rc
: ---
Assigned To: Miroslav Grepl
Milos Malik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-31 09:55 EDT by Michal Trunecka
Modified: 2014-09-30 19:35 EDT (History)
2 users (show)

See Also:
Fixed In Version: selinux-policy-3.12.1-70.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 07:58:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michal Trunecka 2013-07-31 09:55:59 EDT
Description of problem:

After just start and restart winbind service, there are several AVCs in audit.log, with block_suspend permission.

It's a bit wierd, that some of them are success=yes and some of them are success=no.

Here are examples of each of them:

----
time->Wed Jul 31 14:47:13 2013
type=SYSCALL msg=audit(1375278433.587:1539): arch=c000003e syscall=233 success=no exit=-2 a0=3 a1=2 a2=6 a3=7fff1b966d70 items=0 ppid=12474 pid=12475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="winbindd" exe="/usr/sbin/winbindd" subj=system_u:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1375278433.587:1539): avc:  denied  { block_suspend } for  pid=12475 comm="winbindd" capability=36  scontext=system_u:system_r:winbind_t:s0 tcontext=system_u:system_r:winbind_t:s0 tclass=capability2
----
time->Wed Jul 31 14:47:13 2013
type=SYSCALL msg=audit(1375278433.589:1540): arch=c000003e syscall=233 success=yes exit=0 a0=3 a1=2 a2=15 a3=7fff1b9684a0 items=0 ppid=1 pid=12474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="winbindd" exe="/usr/sbin/winbindd" subj=system_u:system_r:winbind_t:s0 key=(null)
type=AVC msg=audit(1375278433.589:1540): avc:  denied  { block_suspend } for  pid=12474 comm="winbindd" capability=36  scontext=system_u:system_r:winbind_t:s0 tcontext=system_u:system_r:winbind_t:s0 tclass=capability2
----


Version-Release number of selected component (if applicable):
selinux-policy-3.12.1-68.el7.noarch
Comment 2 Ludek Smid 2014-06-13 07:58:40 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.