Hi!
On Tue, 2015-01-27 at 00:55:21 +1100, Russell Coker wrote:
> Package: dpkg
> Version: 1.17.23
> Severity: normal
>
> Below are some AVC messages from a fairly routine dpkg upgrade. As you can
> see the programs setfiles, load_policy, and restorecon which are run from
> postinst scripts are inheriting a file handle for
> /var/lib/dpkg/triggers/Unincorp .
>
> type=AVC msg=audit(1422274481.981:202): avc: denied { read } for pid=12679
> comm="setfiles" path="/var/lib/dpkg/triggers/Unincorp" dev="xvda" ino=199493
> scontext=bofh:sysadm_r:setfiles_t:s0-s0:c0.c1023
> tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1422274483.261:203): avc: denied { read } for pid=12685
> comm="load_policy" path="/var/lib/dpkg/triggers/Unincorp" dev="xvda"
> ino=199493 scontext=bofh:sysadm_r:load_policy_t:s0-s0:c0.c1023
> tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1422279601.565:427): avc: denied { read } for pid=22513
> comm="restorecon" path="/var/lib/dpkg/triggers/Unincorp" dev="xvda"
> ino=208505
> scontext=bofh:sysadm_r:setfiles_t:s0-s0:c0.c1023
> tcontext=bofh:object_r:dpkg_var_lib_t:s0 tclass=file permissive=0
Are you sure these messages are from dpkg 1.17.23 and not from an
earlier version? This was supposedly fixed in 1.17.11 (see #751021).
Thanks,
Guillem
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
