http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch
Abrt transitions to sosreport_t which transitions to dmesg_t
And leaks these descriptors.
On Wed, 2010-06-02 at 15:46 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch
>
> Abrt transitions to sosreport_t which transitions to dmesg_t
>
> And leaks these descriptors.
It sounds like these should be dontaudit instead (?)
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On 06/17/2010 08:26 AM, Christopher J. PeBenito wrote:
> On Wed, 2010-06-02 at 15:46 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/admin_dmesg.patch
>>
>> Abrt transitions to sosreport_t which transitions to dmesg_t
>>
>> And leaks these descriptors.
>
> It sounds like these should be dontaudit instead (?)
>
No I guess in this case leak is the wrong term. It is passing along an
stdout which points for a file in its /var/run directory
abrt execs "sosreport > /var/run/sosreport/report.dat"
So we want to allow the dmesg output to get stored in this file.