From: mgrepl@redhat.com (Miroslav Grepl)
Date: Mon, 21 Feb 2011 15:14:21 +0000
Subject: [refpolicy] [patch 1/1] dmesg: reads /proc/version
In-Reply-To: <1298092023.3101.48.camel@tesla.lan>
References: <4D5E97A6.1040603@redhat.com> <1298092023.3101.48.camel@tesla.lan>
Message-ID: <4D62814D.6010301@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/19/2011 05:07 AM, Guido Trentalancia wrote:
> Hello Miroslav !
>
> On Fri, 18/02/2011 at 16.00 +0000, Miroslav Grepl wrote:
>> http://mgrepl.fedorapeople.org/F15/admin_dmesg.patch
>>
>>       * dmesg reads /proc/version
>>       * dmesg needs to access to abrt files
> I couldn't find any reference in the source code for dmesg from
> util-linux-ng versions 2.18 and 2.19 about the fact that "dmesg
> reads /proc/version".
>
> Nor I have any indication from the audit logs on the test system I am
> running that dmesg ever required that permission.
>
> Only mount needs to stat() /proc/version.
>
> So, where did you get that from ?
There was a bug saying

type=AVC msg=audit(1293078612.406:8): avc:  denied  { read } for  pid=2405
comm="dmesg" path="/proc/version" dev=proc ino=4026532016
scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
> And I am not using abrt, but to be honest, I could not find any
> reference to abrt files access either.
>
> Regards,
>
> Guido
>