Bug 1148302

Summary: Dictd-Server / SELinux: Missing policies prevent dictd-server start
Product: [Fedora] Fedora
Reporter: Thorsten <fedora>
Component: dictd
Assignee: Karsten Hopp <karsten>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: unspecified
Version: 20
CC: karsten
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-06-15 12:10:18 UTC
Type: Bug
Attachments:
policies I had to create in order to successfully start dictd-server (flags: none)

Description Thorsten 2014-10-01 07:02:28 UTC
Created attachment 942925
policies I had to create in order to successfully start dictd-server

Description of problem:
dictd-server does not start due to missing SELinux policies
 
(dictd-server is not in component list, therefore I set it to dictd.)

Version-Release number of selected component (if applicable):
dictd-server.x86_64 1.12.1-5.fc20

How reproducible:
Install dictd-server, install dictionaries to /var/lib/dictd/... (directory owned by dictd with correct read/write permissions)

Steps to Reproduce:
1. Install dictd-server
2. service start dictd-server

Actual results:
Nothing obvious on console, but message log shows some SELinux output

Expected results:
dictd-server starts and is accessible via dict command-line client OR readme file in /usr/share/doc/dictd-server/README gets some additional information if the files need to be in a specific folder to work

The attachment contains the policies I had to create in order to successfully start dictd-server

BTW: The naming convention seems a bit awkward: dictd sounds like dict daemon, I'd expect packages to be dict and dictd (or dict and dict-server). Took me some time to figure out that dictd does *not* contain the server :-)

Comment 1 Thorsten 2014-10-01 07:11:15 UTC
Two more policies were required:

module dictd6 1.0;

require {
	type dictd_t;
	type user_home_t;
	type var_lib_t;
	class dir search;
	class file { read getattr open };
}

#============= dictd_t ==============

#!!!! This avc is allowed in the current policy
allow dictd_t user_home_t:dir search;
allow dictd_t user_home_t:file read;

#!!!! This avc is allowed in the current policy
allow dictd_t var_lib_t:file { read getattr open };


module dictd7 1.0;

require {
	type dictd_t;
	type user_home_t;
	type var_lib_t;
	class dir search;
	class file { read getattr open };
}

#============= dictd_t ==============

#!!!! This avc is allowed in the current policy
allow dictd_t user_home_t:dir search;
allow dictd_t user_home_t:file open;

#!!!! This avc is allowed in the current policy
allow dictd_t user_home_t:file read;

#!!!! This avc is allowed in the current policy
allow dictd_t var_lib_t:file { read getattr open };
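
Added example, not part of the bug thread or the dictd package: a small Python check that merges the allow rules of the two modules in Comment 1 and lists every grant whose target is a generic type (user_home_t labels home directory content, var_lib_t is the generic /var/lib label). The BROAD_TYPES set and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed input: the allow rules of modules dictd6 and dictd7 from Comment 1.
SAMPLE_TE = """
module dictd6 1.0;
#!!!! This avc is allowed in the current policy
allow dictd_t user_home_t:dir search;
allow dictd_t user_home_t:file read;
allow dictd_t var_lib_t:file { read getattr open };
module dictd7 1.0;
allow dictd_t user_home_t:dir search;
allow dictd_t user_home_t:file open;
allow dictd_t user_home_t:file read;
allow dictd_t var_lib_t:file { read getattr open };
"""

# Assumption: types a reviewer treats as too generic to grant to a daemon domain.
BROAD_TYPES = {"user_home_t", "var_lib_t"}

# Matches "allow <source> <target>:<class> <perm>;" or "... { perm perm };"
# only at the start of a line, so "#" comment lines are ignored.
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;", re.M)

def parse_allow_rules(te_text):
    """Merge all allow rules into {(source, target, class): set(perms)}."""
    rules = defaultdict(set)
    for src, tgt, cls, perms in ALLOW_RE.findall(te_text):
        rules[(src, tgt, cls)].update(perms.strip("{} ").split())
    return dict(rules)

def flag_broad_grants(rules, broad_types=BROAD_TYPES):
    """Return sorted 'source -> target:class { perms }' lines for broad targets."""
    return [
        f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}"
        for (src, tgt, cls), perms in sorted(rules.items())
        if tgt in broad_types
    ]

if __name__ == "__main__":
    for line in flag_broad_grants(parse_allow_rules(SAMPLE_TE)):
        print("review:", line)
```

The merged view shows the effective grant once both modules are loaded: dictd_t can open and read any file labelled user_home_t, which neither module states on its own.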

Comment 2 Fedora End Of Life 2015-05-29 13:00:12 UTC
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora 'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora
version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 3 Karsten Hopp 2015-06-15 12:10:18 UTC
Thanks for those SELinux rules. I've added them to dictd-1.12.1-9.