The following AVC makes audit2allow loop:
Aug 12 09:08:02 fedora kernel: audit(1092326882.229:0): avc: denied { read } for pid=4477 exe=/bin/bash path=/home/tbl/.thunderbird/default/7hvcq9as.slt/extensions/{847b3a00-7ab1-11d4-8f02-006008948af5}/chrome/enigmail-skin-tbird.jar dev=hda2 ino=3769282 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:user_home_t tclass=file
Notice the brace characters in the 'path=' field.
Deleting the brace characters, or replacing them with some other characters
makes audit2allow work again.
I can fix the problem by moving the code in audit2allow that checks for
various '=' fields before the parsing of the brace field,
and putting in an extra case for 'path='.
I don't think this is the right fix. What about other fields
that may have braces, like 'exe=', etc.?
Someone with better Perl skills: please help!
tom
[Please notice that I didn't choose the filename ;) ]
--- /usr/bin/audit2allow 2004-08-11 14:29:39.000000000 -0700
+++ audit2allow 2004-08-12 13:42:32.605241853 -0700
@@ -65,6 +65,13 @@
$command="";
foreach $i(0..$#types){
next if($types[$i]!~/[=\{]/);
+ my($a,$b) = split /=/,$types[$i];
+
+ next if($a eq "pid");
+ next if($a eq "dev");
+ next if($a eq "ino");
+ next if($a eq "path");
+
if($types[$i]=~/\{/){
$j=$i+1;
while($types[$j]!~/\}/){
@@ -73,11 +80,6 @@
}
next;
}
- my($a,$b) = split /=/,$types[$i];
-
- next if($a eq "pid");
- next if($a eq "dev");
- next if($a eq "ino");
if(($a eq "scontext")||($a eq "tcontext")||($a eq "tclass")){
if($a ne "tclass"){
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm
