[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

tzdata-update AVC caused by pam_console ?



Greetings,
I am investigating the following AVCs

Jan  6 18:12:25 camelot kernel: audit(1168103545.309:4): avc:  denied  { use } 
for  pid=2302 comm="tzdata-update" name="tty1" dev=tmpfs ino=1745 
scontext=root:system_r:tzdata_t:s0-s0:c0.c255 
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=fd
Jan  6 18:12:25 camelot kernel: audit(1168103545.310:5): avc:  denied  { use } 
for  pid=2302 comm="tzdata-update" name="tty1" dev=tmpfs ino=1745 
scontext=root:system_r:tzdata_t:s0-s0:c0.c255 
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=fd

which occurred when updating tzdata just after upgrading from Fedora Core 5 to 
Fedora Core 6. During the same update I also encountered

  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=222179

but I did not see the above two lines mentioned (the inode 1745 
matched /dev/tty1 at the time). I just tried running tzdata-update from an 
xterm and when logged at the console, but the above no longer happens. At 
present I have:

  $ ls -lZ /dev/tty1
  crw--w----  root tty root:object_r:tty_device_t       /dev/tty1

so I wonder if the above just got fixed in the meantime or there is some 
interaction with pam_console using different labeling from what the policy 
expects - I was running in runlevel 1 at the time.

Thank you for your consideration,
Davide Bolcioni
-- 
There is no place like /home.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]