Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 453844 - Some AVCs regarding ipa_kpasswd
Summary: Some AVCs regarding ipa_kpasswd
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: 1.0
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Simo Sorce
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 453489
TreeView+ depends on / blocked
 
Reported: 2008-07-02 22:02 UTC by Simo Sorce
Modified: 2015-01-04 23:33 UTC (History)
2 users (show)

Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)
Fix selinux policy wrt ipa_kpasswd (deleted)
2008-07-02 22:02 UTC, Simo Sorce
no flags Details | Diff

Description Simo Sorce 2008-07-02 22:02:09 UTC
Description of problem:

type=1400 audit(1215017904.493:17): avc:  denied  { read } for  pid=2925
comm="ipa_kpasswd" name="net" dev=proc ino=4026531867
scontext=unconfined_u:system_r:ipa_kpasswd_t:s0
tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file
type=1400 audit(1215017904.494:18): avc:  denied  { read } for  pid=2925
comm="ipa_kpasswd" name="unix" dev=proc ino=4026533123
scontext=unconfined_u:system_r:ipa_kpasswd_t:s0
tcontext=system_u:object_r:proc_net_t:s0 tclass=file

Comment 1 Simo Sorce 2008-07-02 22:02:45 UTC
Created attachment 310859 [details]
Fix selinux policy wrt ipa_kpasswd

Comment 5 Jenny Galipeau 2008-12-01 19:52:42 UTC
Fix Verified or Unable to Reproduce

no selinux avc messages on boot when kpasswd starts:
1) visually on stdout
2) /var/log/dmesg
3) /var/log/messages


Note You need to log in before you can comment on or make changes to this bug.