Fedora Test Day Summary - Confined Users
Eduard Benes
ebenes at redhat.com
Thu Oct 22 14:10:51 UTC 2009
Greetings!
This Tuesday was the "Confined Users" Test Day / Fit&Finish [1] (TD/F&F).
Though we expected higher attendance, the results are really valuable.
The most valuable outcome of a test day could be a fact that we should
bring more attention/people to using/testing SELinux policy and related
tools.
Thanks to all who participated and helped with the organization,
especially to Dan Walsh who promptly started to resolve reported bugs
and already fixed some important issues.
Following bugs were reported during the TD/F&F by the participants:
ID Summary
529873 Openswan/pluto - AVC denials when starting the ipsec service
529870 SELinux is preventing /usr/bin/python "getattr" access on /home/jlaska/.gvfs.
529871 SELinux is preventing /usr/bin/python "connectto" access on /var/run/nscd/socket.
529758 SELinux is preventing /usr/sbin/sendmail.sendmail "module_request" access.
529803 Your system may be seriously compromised! /usr/sbin/nscd attempted to mmap low kernel memory.
529606 SELinux is preventing /usr/sbin/modem-manager "read write" access to device noz0.
529738 SELinux is preventing /lib64/dbus-1/dbus-daemon-launch-helper "execute" access on /usr/sbin/abrtd.
529827 guest_u user not able to run ps
529830 SELinux failed to limit the authority of execute of user_u
529903 SELinux is preventing bash "create" access.
529911 SELinux is preventing nautilus "read write" access on sr0.
529916 AVCs with confined "mailuser" sending e-mail
529933 SELinux is preventing /usr/sbin/abrtd "setattr" access on .abrt.
529934 SELinux is preventing /usr/sbin/abrtd "write" access on /root.
529951 SELinux is preventing the /bin/loadkeys from using potentially mislabeled files (Documents).
529953 hp cups selinux denial
529961 SELinux is preventing /usr/sbin/abrtd "read" access on Bugzilla.conf.
Have a nice day,
/Eduard
[1] - https://fedoraproject.org/wiki/Test_Day:2009-10-20
[2] - http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html
[3] - http://magazine.redhat.com/2008/07/02/writing-policy-for-confined-selinux-users/
More information about the fedora-test-list
mailing list