SELinux Archive on lore.kernel.org
* Re: Why is bash calling ioctl?
From: Stephen Smalley @ 2019-01-30 18:16 UTC
  To: Ian Pilcher, SELinux

On 1/30/19 12:59 PM, Ian Pilcher wrote:
> This is not strictly an SELinux question, but I figure that someone may
> have run across this before and have some idea what's going on.
> 
>   type=AVC msg=audit(1548870149.222:8945): avc:  denied  { ioctl } for 
> pid=20752 comm="bash" path="/etc/pki/radiusd/certmonger-post.sh" 
> dev="dm-0" ino=8415894 ioctlcmd=5401 
> scontext=system_u:system_r:certmonger_t:s0 
> tcontext=unconfined_u:object_r:radiusd_cert_t:s0 tclass=file permissive=0
> 
> This occurs when certmonger runs:
> 
>    '/usr/bin/bash /etc/pki/radiusd/certmonger-post.sh'
> 
> Try as I might, I can't think of any reason why bash would be calling
> ioctl on a script file, so I'm not sure whether to dontaudit or allow
> this (as it seems to be a non-fatal error).
> 
> Anyone have any ideas?

(corrected list address to the new list location; please note for future 
postings)

ioctlcmd=5401 is TCGETS.  This is used by isatty() to probe whether a 
descriptor refers to a tty.  bash is checking whether the descriptor is 
a tty.  You can generally dontaudit harmlessly.
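
The triage described in the reply, as an added example that is not part of the original message: it decodes the `ioctlcmd` field of the AVC record quoted above and flags the isatty() pattern. The function names and the two extra ioctl numbers beyond TCGETS are assumptions of this example.

```python
import os
import re
import shlex
import tempfile

# Linux tty ioctl numbers (asm-generic/ioctls.h); TCGETS is the one in the reply.
TTY_IOCTLS = {0x5401: "TCGETS", 0x540F: "TIOCGPGRP", 0x5413: "TIOCGWINSZ"}

# The denial from the post, with the mail client's line wrapping undone.
SAMPLE = ('type=AVC msg=audit(1548870149.222:8945): avc:  denied  { ioctl } for '
          'pid=20752 comm="bash" path="/etc/pki/radiusd/certmonger-post.sh" '
          'dev="dm-0" ino=8415894 ioctlcmd=5401 '
          'scontext=system_u:system_r:certmonger_t:s0 '
          'tcontext=unconfined_u:object_r:radiusd_cert_t:s0 tclass=file permissive=0')

def parse_avc(record):
    """Split one AVC denial into its permissions and key=value fields."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", record)
    if m is None:
        raise ValueError("not an AVC denial record")
    fields = dict(t.split("=", 1) for t in shlex.split(m.group(2)) if "=" in t)
    fields["perms"] = m.group(1).split()
    return fields

def triage_ioctl(record):
    """Name the denied ioctl and flag the isatty() pattern from the thread."""
    f = parse_avc(record)
    if "ioctl" not in f["perms"] or "ioctlcmd" not in f:
        return None
    cmd = int(f["ioctlcmd"], 16)  # field is hex; int() also accepts a 0x prefix
    name = TTY_IOCTLS.get(cmd, "unknown")
    return {
        "source": f["scontext"].split(":")[2],
        "target": f["tcontext"].split(":")[2],
        "ioctl": name,
        # TCGETS against a non-character-device class cannot be real terminal
        # I/O; it is the probe isatty() makes before deciding how to behave.
        "isatty_probe": name == "TCGETS" and f.get("tclass") != "chr_file",
    }

def isatty_on_regular_file():
    """Repeat the probe on a regular file: TCGETS fails, isatty() is false."""
    with tempfile.TemporaryFile() as fh:
        return os.isatty(fh.fileno())

if __name__ == "__main__":
    print(triage_ioctl(SAMPLE), isatty_on_regular_file())
```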


