Bug 1133368
Summary: | SELinux is preventing systemd-hostnam from 'unlink' accesses on the file hostname. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ankur Sinha (FranciscoD) <sanjay.ankur> |
Component: | anaconda | Assignee: | Brian Lane <bcl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 21 | CC: | anaconda-maint-list, bitlord0xff, bochecha, charles.tryon, dominick.grift, dwalsh, flokip, g.kaviyarasu, hk.stefansson, johannbg, jonathan, jsynacek, keramidasceid, lnykryn, lvrabec, mgrepl, msekleta, rjt, sanjay.ankur, smittix, s, systemd-maint, vanmeeuwen+fedora, vedran, vpavlin, yasuakit+rhbugzilla, zbyszek |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:17e87595f761f76bc6612c45a32fb8087e107e9e16712f4dbe654c83e0d9ee5a | ||
Fixed In Version: | anaconda-21.48.10-1.fc21 | Doc Type: | Bug Fix |
Last Closed: | 2014-10-20 23:01:35 UTC | Type: | --- |
Description
Ankur Sinha (FranciscoD)
2014-08-25 03:43:28 UTC
Your /etc/hostname is mislabeled. # restorecon -v /etc/hostname will fix it. Did you place this file by hand or did it happen by default?

Naw. I didn't place it by hand. It was some system utility - probably gnome settings. I've run restorecon. If it comes up again, I'll let you know.

This just happened to me, first login after installing Fedora 21 Alpha TC7. Seems like something is creating /etc/hostname with the wrong label during the installation?

Description of problem:
Running # hostnamectl set-hostname F21TC6 --static with no error message in F20 this was possible
Version-Release number of selected component:
selinux-policy-3.13.1-82.fc21.noarch
Additional info:
reporter: libreport-2.2.3
hashmarkername: setroubleshoot
kernel: 3.16.3-300.fc21.x86_64
type: libreport

Description of problem:
Changed hostname with hostnamectl as root
Version-Release number of selected component:
selinux-policy-3.13.1-82.fc21.noarch
Additional info:
reporter: libreport-2.2.3
hashmarkername: setroubleshoot
kernel: 3.16.3-300.fc21.x86_64
type: libreport

Something tells me this is being created with an alternate name and renamed to /etc/hostname.

Description of problem:
Changed hostname within 'details'/ 'All Settings'
Version-Release number of selected component:
selinux-policy-3.13.1-84.fc21.noarch
Additional info:
reporter: libreport-2.2.3
hashmarkername: setroubleshoot
kernel: 3.16.3-302.fc21.x86_64
type: libreport

(In reply to Daniel Walsh from comment #7)
> Something tells me this is being created with an alternate name and renamed
> to /etc/hostname.

Yes, of course. The file is created as /etc/hostname.XXXXXXX and written and then atomically renamed to /etc/hostname.

```c
static int context_write_data_static_hostname(Context *c) {
        write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]);
}

int write_string_file_atomic_label(const char *fn, const char *line) {
        /* set the SELinux label for the file about to be created at fn */
        label_context_set(fn, S_IFREG);
        /* write a temporary file, then rename it over fn */
        write_string_file_atomic(fn, line);
        /* reset the file-creation label */
        label_context_clear();
}
```

Well this looks like it is mislabeled before systemd touches it. systemd has the proper labeling code to handle it and make sure it is labeled correctly after it modifies it, but systemd-hostname is prevented from removing the original file since it is labeled incorrectly during the install.

Yes, /etc/hostname seems to be created 'unconfined'. I think anaconda creates the file, reassigning.

Summary: Installation from F21 Live results in /etc/hostname which has SELinux context unconfined_u:object_r:etc_t:s0 instead of the expected system_u:object_r:hostname_etc_t:s0. This causes problems later when systemd-hostnamed tries to replace the file to set a new value.

anaconda-21.48.10-1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/anaconda-21.48.10-1.fc21

Package anaconda-21.48.10-1.fc21, pykickstart-1.99.63-2.fc21, python-blivet-0.61.5-1.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.

Update it with:

```
# su -c 'yum update --enablerepo=updates-testing anaconda-21.48.10-1.fc21 pykickstart-1.99.63-2.fc21 python-blivet-0.61.5-1.fc21'
```

as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-12944/pykickstart-1.99.63-2.fc21,python-blivet-0.61.5-1.fc21,anaconda-21.48.10-1.fc21
then log in and leave karma (feedback).

Description of problem:
Attempted to run 'sudo hostnamectl --static set-hostname ansalon.home'. The command returned with 'Could not set property: Access denied'.
Version-Release number of selected component:
selinux-policy-3.13.1-85.fc21.noarch
Additional info:
reporter: libreport-2.2.3
hashmarkername: setroubleshoot
kernel: 3.17.0-301.fc21.x86_64
type: libreport

Description of problem:
I tried to set the hostname of my PC using the hostnamectl command
Version-Release number of selected component:
selinux-policy-3.13.1-86.fc21.noarch
Additional info:
reporter: libreport-2.3.0
hashmarkername: setroubleshoot
kernel: 3.17.1-300.fc21.x86_64
type: libreport

```
user@localhost ~ $ sudo hostnamectl set-hostname --static "Hostname"

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for user:
Could not set property: Access denied
user@localhost ~ $ su
Password:
root ~ # hostnamectl set-hostname --static "Hostname"
Could not set property: Access denied
root ~ # /sbin/restorecon -v /etc/hostname
/sbin/restorecon reset /etc/hostname context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:hostname_etc_t:s0
root ~ # semanage fcontext -a -t FILE_TYPE '/etc/hostname'
ValueError: Type FILE_TYPE is invalid, must be a file or device type
root ~ # semanage fcontext -a -t hostname_etc_t '/etc/hostname'
root ~ # restorecon -v '/etc/hostname'
root ~ # grep systemd-hostnam /var/log/audit/audit.log | audit2allow -M mypol
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i mypol.pp

root ~ # semodule -i mypol.pp
root ~ # hostnamectl set-hostname --static "Hostname"
root ~ # exit
```

Description of problem:
Tried to change the hostname using the hostnamectl command
Version-Release number of selected component:
selinux-policy-3.13.1-86.fc21.noarch
Additional info:
reporter: libreport-2.3.0
hashmarkername: setroubleshoot
kernel: 3.17.1-302.fc21.x86_64
type: libreport

anaconda-21.48.10-1.fc21, pykickstart-1.99.63-2.fc21, python-blivet-0.61.5-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

Description of problem:

```
$ su -
Password: Enter password
# hostnamectl set-hostname --static fdrdev01
Could not set property: Access denied
```

Version-Release number of selected component:
selinux-policy-3.13.1-90.fc21.noarch
Additional info:
reporter: libreport-2.3.0
hashmarkername: setroubleshoot
kernel: 3.16.1-301.fc21.x86_64
type: libreport

Richard, Vasilis, Kristjan, Taniguchi: as you can see from comment #12, the selinux policy is fine, and its version is irrelevant. anaconda was changed to run restorecon on /etc/hostname, but that happens only when anaconda is run. You can simply run 'restorecon /etc/hostname' by hand.

Description of problem:
Installed Fedora 21 (Alpha) and forgot to set hostname in the initial configuration
Later, tried to set the system hostname through the command:
sudo hostnamectl set-hostname --static "somethimg.somewhere.net"
Version-Release number of selected component:
selinux-policy-3.13.1-90.fc21.noarch
Additional info:
reporter: libreport-2.3.0
hashmarkername: setroubleshoot
kernel: 3.17.1-304.fc21.x86_64
type: libreport

Charles, see comment #21. (Alpha was released on Sep 23, before the update we're talking about here was released.)
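The thread shows two reactions to the same denial: relabeling the file with restorecon, and generating a local policy module with audit2allow. The following added example (not part of the bug report or of any Fedora tool) triages an AVC record by comparing the target file's type with the type the policy expects, so a mislabeled file is relabeled rather than granted extra access. The audit records are constructed samples, the `systemd_hostnamed_t` source domain in them is an assumption, and `triage` and `selinux_type` are hypothetical helper names.

```python
import re

# Type the policy expects, as stated in this report. AVC records carry only the
# file's basename; on a live system confirm with `matchpathcon /etc/hostname`.
EXPECTED = {"hostname": "hostname_etc_t"}

AVC = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?name="(?P<name>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Type field of user:role:type:level; the level itself may contain ':'."""
    return context.split(":", 3)[2]

def triage(line, expected=EXPECTED):
    """Return a verdict dict for an AVC denial on a tracked file, else None."""
    m = AVC.search(line)
    if not m or m["name"] not in expected:
        return None
    have, want = selinux_type(m["tcontext"]), expected[m["name"]]
    return {
        "comm": m["comm"], "perms": m["perms"], "have": have, "want": want,
        # Wrong target label: relabel the file. Right label: review the policy.
        "verdict": "relabel" if have != want else "policy",
    }

# Constructed sample records (not taken from the bug report).
MISLABELED = ('type=AVC msg=audit(1408938208.000:101): avc:  denied  { unlink } for  '
              'pid=1200 comm="systemd-hostnam" name="hostname" dev="dm-1" ino=1234 '
              'scontext=system_u:system_r:systemd_hostnamed_t:s0 '
              'tcontext=unconfined_u:object_r:etc_t:s0 tclass=file permissive=0')
LABELED = MISLABELED.replace("unconfined_u:object_r:etc_t:s0",
                             "system_u:object_r:hostname_etc_t:s0:c0.c1023")

if __name__ == "__main__":
    for rec in (MISLABELED, LABELED, "type=SYSCALL msg=audit(1408938208.000:101): arch=c000003e"):
        print(triage(rec))
```

A "relabel" verdict corresponds to the restorecon fix given in the thread; a "policy" verdict means the label is already correct and the denial needs a policy review instead.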