* Re: Why is bash calling ioctl?
@ 2019-01-30 18:16 ` Stephen Smalley
From: Stephen Smalley @ 2019-01-30 18:16 UTC (permalink / raw)
To: Ian Pilcher, SELinux
On 1/30/19 12:59 PM, Ian Pilcher wrote:
> This is not strictly an SELinux question, but I figure that someone may
> have run across this before and have some idea what's going on.
>
> type=AVC msg=audit(1548870149.222:8945): avc: denied { ioctl } for
> pid=20752 comm="bash" path="/etc/pki/radiusd/certmonger-post.sh"
> dev="dm-0" ino=8415894 ioctlcmd=5401
> scontext=system_u:system_r:certmonger_t:s0
> tcontext=unconfined_u:object_r:radiusd_cert_t:s0 tclass=file permissive=0
>
> This occurs when certmonger runs:
>
> '/usr/bin/bash /etc/pki/radiusd/certmonger-post.sh'
>
> Try as I might, I can't think of any reason why bash would be calling
> ioctl on a script file, so I'm not sure whether to dontaudit or allow
> this (as it seems to be a non-fatal error).
>
> Anyone have any ideas?

(corrected list address to the new list location; please note for future
postings)

ioctlcmd=5401 is TCGETS. This is used by isatty() to probe whether a
descriptor refers to a tty. bash is checking whether the descriptor is
a tty. You can generally dontaudit harmlessly.
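
The probe described in the reply can be reproduced outside SELinux. The following C program is an added example, not code from the thread: it opens a scratch regular file (constructed input standing in for the script) and shows that both a direct TCGETS ioctl and isatty() report "not a terminal". It assumes Linux on an architecture using the generic ioctl numbering (x86, arm), where TCGETS is 0x5401; the helper names are hypothetical.

```c
/* Added illustration, not code from the thread. Linux only. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <termios.h>

/* Create and immediately unlink a scratch regular file (constructed input
 * standing in for the script that bash opened). Returns an fd or -1. */
static int open_regular_file(void)
{
    char path[] = "/tmp/isatty-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd >= 0)
        unlink(path);
    return fd;
}

/* Issue the TCGETS ioctl directly, the request the audit record logs as
 * ioctlcmd=5401. Returns 0 if fd is a terminal, otherwise the errno value. */
static int tcgets_errno(int fd)
{
    struct termios t;
    errno = 0;
    if (ioctl(fd, TCGETS, &t) == 0)
        return 0;
    return errno;
}

/* Same probe through the libc wrapper: 1 for a tty, 0 for anything else,
 * including the case where the underlying ioctl is refused. */
static int probe_isatty(int fd)
{
    return isatty(fd);
}

int main(void)
{
    int fd = open_regular_file();
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("TCGETS = 0x%lx\n", (unsigned long)TCGETS);
    printf("ioctl(TCGETS) errno = %d (ENOTTY = %d)\n", tcgets_errno(fd), ENOTTY);
    printf("isatty() = %d\n", probe_isatty(fd));
    close(fd);
    return 0;
}
```

Because isatty() returns 0 on any failure of the probe, a caller sees the same "not a tty" answer whether the ioctl fails with ENOTTY or is denied by policy.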