Bug 594783 - SELinux is preventing /usr/sbin/tgtd "unlink" access on .TGT_IPC_ABSTRACT_NAMESPACE
Summary: SELinux is preventing /usr/sbin/tgtd "unlink" access on .TGT_IPC_ABSTRACT...
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 13
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Whiteboard: setroubleshoot_trace_hash:9026fc4752e...
Depends On:
Reported: 2010-05-21 15:35 UTC by Tomasz Torcz
Modified: 2010-06-01 07:28 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-06-01 07:28:16 UTC


Description Tomasz Torcz 2010-05-21 15:35:16 UTC

SELinux stopping /usr/sbin/tgtd "unlink" access on

Additional Information:

Source Context                system_u:system_r:tgtd_t:s0
Target Context                unconfined_u:object_r:user_tmp_t:s0
Target Objects                .TGT_IPC_ABSTRACT_NAMESPACE [ sock_file ]
Source                        tgtd
Source Path                   /usr/sbin/tgtd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           scsi-target-utils-1.0.1-3.fc13
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-13.fc13
SELinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) #1 SMP
                              Thu May 6 18:09:49 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Thu, 13 May 2010, 09:10:44
Last Seen                     Thu, 13 May 2010, 09:10:44
Local ID                      dc6b54cf-f093-446b-b07a-3010e91f8f73
Line Numbers                  

Raw Audit Messages

node=(usunięto) type=AVC msg=audit(1273734644.995:6): avc:  denied  { unlink } for  pid=1811 comm="tgtd" name=".TGT_IPC_ABSTRACT_NAMESPACE" dev=dm-2 ino=331 scontext=system_u:system_r:tgtd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=sock_file

node=(usunięto) type=SYSCALL msg=audit(1273734644.995:6): arch=c000003e syscall=87 success=no exit=-13 a0=426f48 a1=1 a2=0 a3=7fff04a67ee0 items=0 ppid=1810 pid=1811 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tgtd" exe="/usr/sbin/tgtd" subj=system_u:system_r:tgtd_t:s0 key=(null)

Hash String generated from  catchall,tgtd,tgtd_t,user_tmp_t,sock_file,unlink
audit2allow suggests:

#============= tgtd_t ==============
allow tgtd_t user_tmp_t:sock_file unlink;

Comment 1 Daniel Walsh 2010-05-24 15:34:52 UTC
How did you get this to happen?  Were you running tgtd directly?  I.e., without using the service script?

Comment 2 Tomasz Torcz 2010-05-24 15:59:07 UTC
I get it every time I boot my system. I have "chkconfig tgtd on" and tgtd is started during the boot process.

Comment 3 Daniel Walsh 2010-05-24 17:52:19 UTC
find /tmp -name .TGT_IPC_ABSTRACT_NAMESPACE -delete

Should delete it.  Or /var/tmp if it is there.  Then the next time it runs it should be labeled correctly.

Comment 4 Tomasz Torcz 2010-06-01 07:28:16 UTC
You were right. Sorry for wasting your time.
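
Added example, not part of the original thread: a small Python triage of the AVC record from the description. It rebuilds the rule audit2allow suggested and flags the situation Comment 3 resolves, where a confined system daemon is denied on an object that carries a user-session label, so removing or relabeling the object is the fix rather than a new allow rule. The function names and the `user_` type-prefix heuristic are assumptions of this example.

```python
import re

# AVC record from the report above (node= prefix omitted).
AVC = ('type=AVC msg=audit(1273734644.995:6): avc:  denied  { unlink } for  '
       'pid=1811 comm="tgtd" name=".TGT_IPC_ABSTRACT_NAMESPACE" dev=dm-2 ino=331 '
       'scontext=system_u:system_r:tgtd_t:s0 '
       'tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=sock_file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    for side in ('scontext', 'tcontext'):
        # user:role:type:level, where the MLS level may itself contain ':'
        user, role, setype, *level = rec[side].split(':')
        rec[side] = {'user': user, 'role': role, 'type': setype, 'level': ':'.join(level)}
    return rec

def allow_rule(rec):
    """Format the rule the way the audit2allow suggestion in the report is written."""
    perms = rec['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {rec['scontext']['type']} {rec['tcontext']['type']}:{rec['tclass']} {p};"

def looks_like_stale_label(rec):
    # Assumed heuristic: a system_u:system_r daemon hitting an object whose
    # SELinux user is not system_u and whose type is a user_* type suggests the
    # object was created from a login session, not by the service itself.
    s, t = rec['scontext'], rec['tcontext']
    return (s['user'] == 'system_u' and s['role'] == 'system_r'
            and t['user'] != 'system_u' and t['type'].startswith('user_'))

def triage(line):
    rec = parse_avc(line)
    if rec is None:
        return None
    if looks_like_stale_label(rec):
        return ('relabel-or-remove', rec['name'])
    return ('review-policy', allow_rule(rec))

if __name__ == '__main__':
    print(triage(AVC))
```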
