Fedora Test Day Summary - Confined Users

Eduard Benes ebenes at redhat.com
Thu Oct 22 14:10:51 UTC 2009 

Greetings!

This Tuesday was the "Confined Users" Test Day / Fit&Finish [1] (TD/F&F).
Though we expected higher attendance, the results are really valuable.
The most valuable outcome of a test day could be a fact that we should 
bring more attention/people to using/testing SELinux policy and related
tools.

Thanks to all who participated and helped with the organization, 
especially to Dan Walsh who promptly started to resolve reported bugs 
and already fixed some important issues.

Following bugs were reported during the TD/F&F by the participants:

ID  	 Summary
529873 	Openswan/pluto - AVC denials when starting the ipsec service
529870 	SELinux is preventing /usr/bin/python "getattr" access on /home/jlaska/.gvfs.
529871 	SELinux is preventing /usr/bin/python "connectto" access on /var/run/nscd/socket.
529758 	SELinux is preventing /usr/sbin/sendmail.sendmail "module_request" access.
529803 	Your system may be seriously compromised! /usr/sbin/nscd attempted to mmap low kernel memory.
529606 	SELinux is preventing /usr/sbin/modem-manager "read write" access to device noz0.
529738 	SELinux is preventing /lib64/dbus-1/dbus-daemon-launch-helper "execute" access on /usr/sbin/abrtd.
529827 	guest_u user not able to run ps
529830 	SELinux failed to limit the authority of execute of user_u
529903 	SELinux is preventing bash "create" access.
529911 	SELinux is preventing nautilus "read write" access on sr0.
529916 	AVCs with confined "mailuser" sending e-mail
529933 	SELinux is preventing /usr/sbin/abrtd "setattr" access on .abrt.
529934 	SELinux is preventing /usr/sbin/abrtd "write" access on /root.
529951 	SELinux is preventing the /bin/loadkeys from using potentially mislabeled files (Documents).
529953 	hp cups selinux denial
529961 	SELinux is preventing /usr/sbin/abrtd "read" access on Bugzilla.conf. 

Have a nice day, 

/Eduard 


[1] - https://fedoraproject.org/wiki/Test_Day:2009-10-20
[2] - http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html
[3] - http://magazine.redhat.com/2008/07/02/writing-policy-for-confined-selinux-users/

More information about the fedora-devel-list mailing list