X sandbox still broken in Fedora 20
Miroslav Grepl
mgrepl at redhat.com
Mon Jun 9 12:06:25 UTC 2014
On 06/09/2014 02:04 PM, Miroslav Grepl wrote:
> On 06/09/2014 12:49 PM, Florian Weimer wrote:
>> Running "sandbox -X -t sandbox_web_t xterm", I get these audit
>> entries, and the command exits without printing anything:
>>
>> type=AVC msg=audit(1402310641.114:1228): avc: denied { connectto }
>> for pid=19943 comm="Xephyr"
>> path=002F746D702F2E5831312D756E69782F5830
>> scontext=unconfined_u:unconfined_r:sandbox_web_t:s0:c38,c325
>> tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023
>> tclass=unix_stream_socket
>> type=SYSCALL msg=audit(1402310641.114:1228): arch=c000003e syscall=42
>> success=no exit=-13 a0=0 a1=7fffa6343c70 a2=14 a3=7fffa63439d0
>> items=0 ppid=19934 pid=19943 auid=1000 uid=1000 gid=1000 euid=1000
>> suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1
>> comm="Xephyr" exe="/usr/bin/Xephyr"
>> subj=unconfined_u:unconfined_r:sandbox_web_t:s0:c38,c325 key=(null)
>>
>> Relevant package versions:
>>
>> libcap-ng-0.7.4-1.fc20.x86_64
>> policycoreutils-python-2.2.5-4.fc20.x86_64
>> selinux-policy-targeted-3.12.1-166.fc20.noarch
>>
>> Downgrading to libcap-ng-0.7.3-6.fc20.x86_64 fixes this for me.
>>
>> Does anybody else see this? If not, what might be causing this problem?
>>
> Yes, we know about this issue. There is a bug for it.
https://bugzilla.redhat.com/show_bug.cgi?id=1103622
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
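
An added example, not part of the original messages: a small Python decoder for the two audit records quoted above. It shows that the hex-encoded path= field is the abstract X11 socket and that the failed syscall is connect() returning EACCES. The function names and the one-entry syscall table are assumptions made for this illustration.

```python
import errno
import re

# Records copied from the message above with the e-mail line wrapping undone;
# the SYSCALL record is trimmed to the fields used here.
AVC = ('type=AVC msg=audit(1402310641.114:1228): avc: denied { connectto } '
       'for pid=19943 comm="Xephyr" path=002F746D702F2E5831312D756E69782F5830 '
       'scontext=unconfined_u:unconfined_r:sandbox_web_t:s0:c38,c325 '
       'tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 '
       'tclass=unix_stream_socket')
SYSCALL = ('type=SYSCALL msg=audit(1402310641.114:1228): arch=c000003e '
           'syscall=42 success=no exit=-13 a0=0 a1=7fffa6343c70 a2=14')

# Only the one x86_64 syscall seen in this thread; not a full table.
X86_64_SYSCALLS = {42: "connect"}


def fields(record):
    """Split an audit record into its key=value pairs."""
    return dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))


def decode_path(value):
    """Decode a path field; audit hex-encodes values with unsafe bytes."""
    if value.startswith('"'):
        return value.strip('"'), False
    raw = bytes.fromhex(value)
    abstract = raw.startswith(b"\0")   # leading NUL: abstract-namespace socket
    return raw.lstrip(b"\0").decode("utf-8", "replace"), abstract


def explain(avc, syscall):
    a, s = fields(avc), fields(syscall)
    path, abstract = decode_path(a["path"])
    return {
        "permission": re.search(r"\{ ([^}]+) \}", avc).group(1).split(),
        "source_type": a["scontext"].split(":")[2],
        "target_type": a["tcontext"].split(":")[2],
        "class": a["tclass"],
        "socket": path,
        "abstract": abstract,
        "syscall": X86_64_SYSCALLS.get(int(s["syscall"]), s["syscall"]),
        "errno": errno.errorcode[-int(s["exit"])],
        "addrlen": int(s["a2"], 16),   # a0..a3 are logged in hex
    }


if __name__ == "__main__":
    for key, value in explain(AVC, SYSCALL).items():
        print(f"{key:12} {value}")
```

The decoded address length (20) matches a sockaddr_un holding a 2-byte family, the leading NUL and the 17-character name, which confirms the records describe the same connect() call.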