Bug 1000301
| Summary: | SELinux is preventing /usr/bin/python2.7 from 'write' accesses on the file /etc/yum.repos.d/redhat.repo. | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Gerd Hoffmann <kraxel> |
| Component: | subscription-manager | Assignee: | candlepin-bugs |
| Status: | CLOSED DUPLICATE | QA Contact: | John Sefler <jsefler> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 7.0 | CC: | bkearney, ckozak, dgoodwin, mgrepl, mmalik, spandey |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | abrt_hash:f0142a708f65c1b182171fc5762cfd63df582e32adcf11dc6d8f772364e6eed2 | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-11-05 20:44:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 863175 | | |

Description
Gerd Hoffmann
2013-08-23 06:54:46 UTC
So rhsmcertd-worker can write anything in /etc/yum.repos.d/ dir, right?

(In reply to Miroslav Grepl from comment #2)
> So rhsmcertd-worker can write anything in /etc/yum.repos.d/ dir, right?

No, we just write to the one specific redhat.repo file, but it would seem acceptable to be able to write anything there if that helps things along.

It also needs access to some directories in /etc/pki, which appears to be missing in rhel7.

We need access to /etc/pki/consumer and /etc/pki/entitlement, as well as redhat.repo.

Here are my 2 denials.

type=AVC msg=audit(1383144333.585:538): avc: denied { write } for pid=2692 comm="rhsmcertd-worke" name="redhat.repo" dev="dm-0" ino=37559621 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1383144333.585:538): arch=c000003e syscall=2 success=no exit=-13 a0=2726d50 a1=241 a2=1b6 a3=fffffff0 items=0 ppid=1333 pid=2692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rhsmcertd-worke" exe="/usr/bin/python2.7" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
type=AVC msg=audit(1383144334.075:539): avc: denied { write } for pid=2713 comm="rhsmcertd-worke" name="entitlement" dev="dm-0" ino=1422984 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:cert_t:s0 tclass=dir
type=SYSCALL msg=audit(1383144334.075:539): arch=c000003e syscall=2 success=no exit=-13 a0=20801f0 a1=241 a2=1b6 a3=0 items=0 ppid=1333 pid=2713 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rhsmcertd-worke" exe="/usr/bin/python2.7" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)

*** Bug 1017010 has been marked as a duplicate of this bug. ***

*** This bug has been marked as a duplicate of bug 822402 ***
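
The two denials quoted in this report can be triaged mechanically. The following is an added example, not code from the report or from subscription-manager: it joins each AVC record to its SYSCALL record by audit event id and groups the results into candidate type-enforcement rules in the form audit2allow prints. The function names `parse_denials` and `candidate_rules` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: the two AVC records from this report, with each SYSCALL
# record trimmed to the fields this example reads.
SAMPLE = """\
type=AVC msg=audit(1383144333.585:538): avc: denied { write } for pid=2692 comm="rhsmcertd-worke" name="redhat.repo" dev="dm-0" ino=37559621 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1383144333.585:538): arch=c000003e syscall=2 success=no exit=-13 exe="/usr/bin/python2.7"
type=AVC msg=audit(1383144334.075:539): avc: denied { write } for pid=2713 comm="rhsmcertd-worke" name="entitlement" dev="dm-0" ino=1422984 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:cert_t:s0 tclass=dir
type=SYSCALL msg=audit(1383144334.075:539): arch=c000003e syscall=2 success=no exit=-13 exe="/usr/bin/python2.7"
"""

EVENT = re.compile(r"msg=audit\(([\d.]+:\d+)\)")   # timestamp:serial identifies one event
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value, value optionally quoted
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")  # permission list inside the braces


def parse_denials(log):
    """Hypothetical helper: one dict per AVC denial, with exe from the same event."""
    events = defaultdict(lambda: {"avc": [], "exe": None})
    for line in log.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        perms = PERMS.search(line)
        if fields.get("type") == "AVC" and perms:
            events[m.group(1)]["avc"].append((fields, perms.group(1).split()))
        elif fields.get("type") == "SYSCALL":
            events[m.group(1)]["exe"] = fields.get("exe")
    return [
        {"event": eid, "source": f["scontext"].split(":")[2],  # type is the 3rd field
         "target": f["tcontext"].split(":")[2], "tclass": f["tclass"],
         "perms": p, "name": f.get("name"), "exe": ev["exe"]}
        for eid, ev in events.items() for f, p in ev["avc"]
    ]


def candidate_rules(denials):
    """Hypothetical helper: merge denials into allow rules for policy review."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules
```

The `etc_t` rule this produces would apply to every file carrying that type, not only redhat.repo, so the output is a starting point for policy review and not a fix in itself.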