Bug 117115

Summary: Problem running programs what need root privileges as normal user in X
Product: [Fedora] Fedora Reporter: Vaclav "sHINOBI" Misek <misek>
Component: policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: bmillett, ronny-rhbugzilla, schwandter+bugs
Target Milestone: ---   
Target Release: ---   
Hardware: athlon   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-04-04 20:38:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Vaclav "sHINOBI" Misek 2004-02-28 19:52:35 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040217

Description of problem:
When I try to start any program, what needs root privileges (like
system config tools, xmtr etc.), there appear dialog requesting for
root pasword. After entering password, there is error message "Could
not set exec context to user_u:sysadm_r:sysadm_t."

Version-Release number of selected component (if applicable):
policy-1.6-13

How reproducible:
Always

Steps to Reproduce:
1. run xmtr from xterm as non root user
2. enter root password
3.
    

Actual Results:  error message "Could not set exec context to
user_u:sysadm_r:sysadm_t."

Expected Results:  No error message, programs should be run with root
privileges (context should be set correctly).

Additional info:

Comment 1 Ronny Buchmann 2004-02-29 09:54:21 UTC
The long list of avc denied messages when trying to start programs
with consolehelper


avc:  denied  { read } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:user_t tcontext=system_u:object_r:home_root_t
tclass=file
 
avc:  denied  { read } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1 dev=hda3 ino=543665 scontext=user_u:user_r:user_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.fonts.cache-1 dev=hda3 ino=543665
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { create } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs scontext=user_u:user_r:user_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { write } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { link } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { unlink } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { rename } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.NEW dev=hda3 ino=543666
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { write } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=ronny dev=hda3 ino=543603 scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { add_name } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { create } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { link } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { write } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { read } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5901 exe=/usr/X11R6/bin/xauth
path=/home/ronny/.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { remove_name } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { unlink } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { create } for  pid=5900 exe=/usr/sbin/userhelper
name=.xauthCfdwAA scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { setattr } for  pid=5900 exe=/usr/sbin/userhelper
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { link } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA-c dev=hda3 ino=227161
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { write } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { read } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { getattr } for  pid=5902 exe=/usr/X11R6/bin/xauth
path=/root/.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { unlink } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file


Comment 2 Bill Nottingham 2004-03-02 06:14:08 UTC
*** Bug 117200 has been marked as a duplicate of this bug. ***

Comment 3 Daniel Walsh 2004-03-25 18:44:18 UTC
Fixed in policy-1.9-18.src.rpm


Comment 4 Vaclav "sHINOBI" Misek 2004-04-01 22:22:54 UTC
Hmm, strange, I'm still observing the same behavior with updated
system to rawhide from 1st April (policy-1.9.2-1). I tried to run
fixfiles relabel and then reboot without any change.

Comment 5 Daniel Walsh 2004-04-02 13:29:28 UTC
You need to upgrade the version of usermode to 1.70-2
If you want to run up2date, that also needs an update.

Dan

Comment 6 Vaclav "sHINOBI" Misek 2004-04-04 20:38:06 UTC
Yes, this issue seems to be resolved, therefore I'm closing it with
Rawhide