SELinux is preventing /usr/sbin/nscd access to a leaked /dev/null file descriptor.
Bug #633646 reported by
Jeff Johnson
Bug watches keep track of this bug in other bug trackers.
Summary:
SELinux is preventing /usr/sbin/nscd access to a leaked /dev/null file
descriptor.
Detailed Description:
[nscd has a permissive type (nscd_t). This access was not denied.]
SELinux denied access requested by the nscd command. It looks like this is
either a leaked descriptor or nscd output was redirected to a file it is not
allowed to access. Leaks usually can be ignored since SELinux is just closing
the leak and reporting the error. The application does not use the descriptor,
so it will run properly. If this is a redirection, you will not get output in
the /dev/null. You should generate a bugzilla on selinux-policy, and it will get
routed to the appropriate package. You can safely ignore this avc.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ docs.fedoraproj ect.org/ selinux- faq-fc5/ #id2961385)
(http://
Additional Information:
Source Context unconfined_ u:system_ r:nscd_ t:s0-s0: c0.c1023 u:object_ r:device_ t:s0 policy- 3.7.19- 41.fc13 6-147.2. 4.fc13. i686.PAE #1 SMP
Fri Jul 23 17:21:06 UTC 2010 i686 i686 e966-4886- a1ad-7c3646e7cf be
Target Context unconfined_
Target Objects /dev/null [ file ]
Source nscd
Source Path /usr/sbin/nscd
Port <Unknown>
Host (removed)
Source RPM Packages nscd-2.12-3
Target RPM Packages
Policy RPM selinux-
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name leaks
Host Name (removed)
Platform Linux (removed) 2.6.33.
Alert Count 32
First Seen Sat 07 Aug 2010 02:59:13 PM PDT
Last Seen Sat 07 Aug 2010 03:01:13 PM PDT
Local ID ab9bee59-
Line Numbers
Raw Audit Messages
node=(removed) type=AVC msg=audit( 1281218473. 990:210) : avc: denied { write } for pid=4902 comm="nscd" path="/dev/null" dev=sda7 ino=169346 scontext= unconfined_ u:system_ r:nscd_ t:s0-s0: c0.c1023 tcontext= unconfined_ u:object_ r:device_ t:s0 tclass=file
node=(removed) type=SYSCALL msg=audit( 1281218473. 990:210) : arch=40000003 syscall=11 success=yes exit=0 a0=80598b3 a1=bffb77b0 a2=bffb77c4 a3=bffb7904 items=0 ppid=4898 pid=4902 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="nscd" exe="/usr/ sbin/nscd" subj=unconfined _u:system_ r:nscd_ t:s0-s0: c0.c1023 key=(null)
Hash String generated from leaks,nscd, nscd_t, device_ t,file, write
audit2allow suggests:
#============= nscd_t ==============
allow nscd_t device_t:file write;