Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 119546
Summary: | w doesn't show /dev/ttyn things in the enforcing mode | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Akira TAGOH <tagoh> |
Component: | policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | pgraner, russell, sdsmall |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.9.1-1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-04-19 20:59:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 114961 |
Description
Akira TAGOH
2004-03-31 11:43:53 UTC
Looks like an omission from the policy, allow $1_t initrc_var_run_t:file r_file_perms; in user_macros.te or base_user_macros.te. Adding Russell to cc line, as this is a policy issue. Side bar: base_user_macros.te currently gives lock permission, this seems like a bad idea. Fixed in policy-1.9.1-1 confirmed the working. Thanks! this problem appears again. I've tested this on policy 1.11.2-8. reopening Ok. This happens because w.c looks through /proc for the PID of the login process associated with their login. Since user_t isn't allowed getattr on local_login_t, this is denied. It apparently does this because it's double-checking that the login still exists. So we could either 1) Allow users to stat local_login_t processes 2) Disable the code in w.c that looks for the login process, and just accept that the information could be stale. Any opinions on which would be better? I have a patch for 1), and a patch for 2) should be pretty easy too. I went ahead and did 2) for now. Comments still welcome. I don't think the procps maintainer will like the patch... |