selinux policy upgrade avcs

Daniel J Walsh dwalsh at redhat.com
Mon Jan 2 14:22:23 UTC 2006


Steve G wrote:
> Hi,
>
> When yum updates my rawhide policy, I get these avcs:
>
> type=PATH msg=audit(12/29/2005 08:26:52.659:120) : item=0 name=/etc/mtab
> inode=11403372 dev=03:07 mode=file,644 ouid=root ogid=root rdev=00:00
> obj=system_u:object_r:etc_runtime_t:s0
> type=CWD msg=audit(12/29/2005 08:26:52.659:120) :  cwd=/
> type=SYSCALL msg=audit(12/29/2005 08:26:52.659:120) : arch=x86_64 syscall=open
> success=no exit=-13(Permission denied) a0=3446313756 a1=0 a2=1b6 a3=0 items=1
> pid=2472 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root
> sgid=root fsgid=root tty=tty1 comm=load_policy exe=/usr/sbin/load_policy
> subj=root:system_r:load_policy_t:s0-s0:c0.c255
> type=AVC msg=audit(12/29/2005 08:26:52.659:120) : avc:  denied  { read } for
> pid=2472 comm=load_policy name=mtab dev=hda7 ino=11403372
> scontext=root:system_r:load_policy_t:s0-s0:c0.c255
> tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
>
> -Steve
>   
This looks like a bug of a file descriptor being left open. Something in 
the kernel/init/initrd must be opening /etc/mtab and not setting 
closeonexec. Need to bugzilla the kernel I guess.


-- 
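Added example, not part of the original message: the mechanism named in the reply above, a descriptor inherited across exec because close-on-exec was not set, shown in C. It assumes `/dev/null` and `/bin/sh` exist; the function name `fd_survives_exec` and the probe descriptor number 9 are illustrative choices.

```c
/* Added example: does an open descriptor survive exec()? */
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_FD 9 /* assumption: single-digit fd that any POSIX sh can name */

/* Returns 1 if the descriptor is still open in the exec'd program,
 * 0 if the kernel closed it at exec, -1 on error. */
int fd_survives_exec(int set_cloexec)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0 || dup2(fd, PROBE_FD) < 0)
            _exit(126);
        if (fd != PROBE_FD)
            close(fd);
        /* Without FD_CLOEXEC the descriptor is inherited: the leaky default. */
        if (set_cloexec && fcntl(PROBE_FD, F_SETFD, FD_CLOEXEC) < 0)
            _exit(126);
        /* The new program tries to duplicate fd 9; this fails if it is closed. */
        execl("/bin/sh", "sh", "-c", ": 2>/dev/null <&9", (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    if (code == 126 || code == 127)
        return -1;
    return code == 0 ? 1 : 0;
}

int main(void)
{
    printf("no close-on-exec: fd survives exec = %d\n", fd_survives_exec(0));
    printf("FD_CLOEXEC set:   fd survives exec = %d\n", fd_survives_exec(1));
    return 0;
}
```

Passing `O_CLOEXEC` to `open()` sets the flag atomically and avoids the window between `open()` and `fcntl()` in multithreaded programs.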