#803 avc generated for useradd in pkispawn scripts.
Closed: Fixed None Opened 9 years ago by vakwetu.

type=AVC msg=audit(1384880956.935:5443): avc: denied { write } for pid=10798 comm="useradd" path="/var/log/pki/pki-ca-spawn.20131119120914.log" dev="vda3" ino=418643 scontext=system_u:unconfined_r:useradd_t:s0 tcontext=system_u:object_r:pki_log_t:s0 tclass=file

This happens because the file descriptors for the log file are still open when the useradd call is made. We can fix this by passing close_fds in the useradd check_call invocation.

Fixed in master and 10.0

To ssh://vakwetu@git.fedorahosted.org/git/pki.git
8eed4ce..05f4f01 DOGTAG_10_0_BRANCH -> DOGTAG_10_0_BRANCH

Metadata Update from @vakwetu:
- Issue set to the milestone: 10.1 - 10/13 (October)

5 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.