Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 160841 - AVC errors when running fdisk on a file
Summary: AVC errors when running fdisk on a file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-17 18:57 UTC by Brian Wheeler
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 1.23.18-12
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-08-19 08:24:32 UTC


Attachments (Terms of Use)

Description Brian Wheeler 2005-06-17 18:57:51 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
While trying to debug a disk image using fdisk I found that selinux will not allow me to run fdisk on the file.  sfdisk doesn't work either.  I've done it in earlier versions, so I know its something that's possible.  

Here are the relevant lines from audit.log:
type=PATH msg=audit(1119034442.581:16583602): item=0 name="bootfile.dump" inode=737318 dev=fd:00 mode=040775 ouid=11907 ogid=500 rdev=00:00
type=SYSCALL msg=audit(1119034442.581:16583602): arch=40000003 syscall=5 success=no exit=-13 a0=bff519e8 a1=8002 a2=0 a3=8002 items=1 pid=25218 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="fdisk" exe="/sbin/fdisk"
type=AVC msg=audit(1119034442.581:16583602): avc:  denied  { search } for  pid=25218 comm="fdisk" name=pearpc dev=dm-0 ino=737318 scontext=root:system_r:fsadm_t tcontext=root:object_r:user_home_t tclass=dir


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. dd if=/dev/zero of=disk.image bs=1048576 count=5
2. /sbin/fdisk disk.image


Actual Results:  "Unable to open disk.image" & fdisk exits.

Expected Results:  Image should have opened and fdisk allowed me to make modifications.

Additional info:

Comment 1 Daniel Walsh 2005-06-18 02:10:43 UTC
What policy are you running.  This should be allowed.

Dan

Comment 2 Brian Wheeler 2005-06-20 13:16:19 UTC
I'm running targeted.  Its the standard FC4 setup (via an upgrade of FC3) so
there shouldn't be any surprises...

Brian

Comment 3 Daniel Walsh 2005-06-20 18:46:20 UTC
selinux-policy-targeted-1.23.18-12 should fix this.

Comment 4 Brian Wheeler 2005-06-20 18:50:47 UTC
Yes, that fixes it.  Thanks!


Note You need to log in before you can comment on or make changes to this bug.