Re: nscd AVC

On Jan 10, 2011, at 1:32 PM, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/10/2011 12:40 PM, Vadym Chepkov wrote: >> Hi, >> >> Is it safe to permit these? >> >> selinux-policy-3.9.7-18.fc14.noarch >> >> # ausearch -m avc -ts yesterday >> ---- >> time->Sun Jan 9 11:23:14 2011 >> type=SYSCALL msg=audit(1294590194.604:12): arch=40000003 syscall=5 success=yes exit=18 a0=57b497 a1=0 a2=1b6 a3=58856a items=0 ppid=1 pid=997 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null) >> type=AVC msg=audit(1294590194.604:12): avc: denied { read } for pid=997 comm="nscd" name="/" dev=dm-2 ino=2 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir >> ---- >> time->Sun Jan 9 11:23:14 2011 >> type=SYSCALL msg=audit(1294590194.604:13): arch=40000003 syscall=195 success=yes exit=0 a0=57b49c a1=ae2f16bc a2=29fff4 a3=3 items=0 ppid=1 pid=997 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null) >> type=AVC msg=audit(1294590194.604:13): avc: denied { read } for pid=997 comm="nscd" name="tmp" dev=dm-0 ino=15581 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file >> ---- >> time->Sun Jan 9 11:41:04 2011 >> type=SYSCALL msg=audit(1294591264.449:7): arch=40000003 syscall=195 success=yes exit=0 a0=3f049c a1=ae9f964c a2=38bff4 a3=3 items=0 ppid=1 pid=973 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null) >> type=AVC msg=audit(1294591264.449:7): avc: denied { read } for pid=973 comm="nscd" name="tmp" dev=dm-0 ino=15581 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file >> ---- >> time->Sun Jan 9 11:41:04 2011 >> type=SYSCALL msg=audit(1294591264.448:6): arch=40000003 syscall=5 success=yes exit=16 a0=3f0497 a1=0 a2=1b6 a3=3fd56a items=0 ppid=1 pid=973 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null) >> type=AVC msg=audit(1294591264.448:6): avc: denied { read } for pid=973 comm="nscd" name="/" dev=dm-2 ino=2 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir >> >> >> >> >> -- >> selinux mailing list >> selinux(a)lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/selinux > What is nscd looking for in /tmp? nscd is part of glibc, so the source code is really huge and it uses TMPDIR environment variable all over the place. "Don't know" would be an honest answer. Shall I open bugzilla about it? Thanks, Vadym

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0rX2cACgkQrlYvE4MpobNfXwCcCJ/uonJ+AQksGDqs51dz4kft pogAn3ZgADIp02vlCzvN3Vnh3lMQIcQM =LLh0 -----END PGP SIGNATURE-----