Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 155849 - avc: denied { write } for name=rhgb-socket
Summary: avc: denied { write } for name=rhgb-socket
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-04-24 17:16 UTC by sangu
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: selinux-policy-targeted-1.23.18-2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-10 09:55:29 UTC


Attachments (Terms of Use)
dmesg in kernel-2.6.11-1.1268_FC4 (deleted)
2005-04-27 16:11 UTC, sangu
no flags Details

Description sangu 2005-04-24 17:16:02 UTC
Description of problem:
in dmesg
[...]
audit(1114306425.761:0): avc:  denied  { write } for  name=rhgb-socket dev=ramfs
ino=6052 scontext=system_u:system_r:init_t tcontext=system_u:object_r:ramfs_t
tclass=sock_file
[...]

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.12-4

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
rhgb-0.16.2-3 kernel-2.6.11-1.1261_FC4

Comment 1 Daniel Walsh 2005-04-26 19:47:51 UTC
Fixed in selinux-policy-*-1.23.13-3

Comment 2 sangu 2005-04-27 16:11:16 UTC
Created attachment 113721 [details]
dmesg in kernel-2.6.11-1.1268_FC4

After installing selinux-policy-*-1.23.13-3, audit error messages are changed
in dmesg.

[...]
audit(1114611219.454:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6990
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
[...]
audit(1114611242.177:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611242.753:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611242.905:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611243.042:0): avc:  denied  { lock } for  path=/etc/fstab dev=hda8
ino=211799 scontext=system_u:system_r:updfstab_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1114611252.611:0): avc:  denied  { connectto } for 
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t

Comment 3 Daniel Walsh 2005-04-27 16:51:09 UTC
restorecon -v /etc/fstab  
should clear most of them.

Dan

Comment 4 sangu 2005-04-27 17:07:43 UTC
Dan : thank your comments.

/etc/fstab problem is fixed.

$restorecon -v /etc/fstab

After rebooting

$dmesg | grep avc
audit(1114621106.443:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=7080
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
audit(1114621145.580:0): avc:  denied  { connectto } for 
path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t
tcontext=system_u:system_r:initrc_t tclass=unix_stream_socket


Comment 5 sangu 2005-05-04 10:43:27 UTC
in selinux-policy-targeted-1.23.14-2, kernel-2.6.11-1.1282_FC4

$ dmesg | grep avc
audit(1115168226.367:0): avc:  denied  { write } for 
path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6650
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t
tclass=fifo_file
audit(1115168263.211:0): avc:  denied  { search } for  name=rhgb dev=hda8
ino=211872 scontext=system_u:system_r:init_t tcontext=system_u:object_r:mnt_t
tclass=dir



Note You need to log in before you can comment on or make changes to this bug.