Bug 118997
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | avc denied: firstboot: "use network login" does not launch config tool | | |
| Product | [Fedora] Fedora | Reporter | Ben Levenson <benl> |
| Component | policy | Assignee | Daniel Walsh <dwalsh> |
| Status | CLOSED RAWHIDE | CC | bfox, pgraner |
| Severity | medium | Priority | medium |
| Version | rawhide | Doc Type | Bug Fix |
| Hardware | All | OS | Linux |
| Last Closed | 2004-05-07 03:57:37 UTC | Bug Blocks | 114961 |

Description
Ben Levenson
2004-03-23 18:45:42 UTC
Possible dupe of bug #118061? I don't think so, but I've added a comment to bug# 118061.

I have fixed this problem with policy-1.9-12. But there are probably more. Could you run it in non-enforcing mode and see what happens? Then grab the AVC messages.

It turns out that I broke the first rule of SELinux testing: I forgot to verify that "use network login" worked as expected while in permissive mode. It didn't. Anyway, here are all of the denials I get with firstboot: (still using policy-1.9-11)

stage 1: firstboot starts X
avc: denied { unix_read unix_write } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm
avc: denied { read write } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm
avc: denied { getattr associate } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm

stage 2: clicking "use network login"
avc: denied { use } for pid=16616 exe=/usr/sbin/userhelper path=/dev/console dev=hdb1 ino=459355 scontext=system_u:system_r:userhelper_t tcontext=system_u:system_r:init_t tclass=fd
avc: denied { sys_tty_config } for pid=16616 exe=/usr/sbin/userhelper capability=26 scontext=system_u:system_r:userhelper_t tcontext=system_u:system_r:userhelper_t tclass=capability

stage 3: adding a user
avc: denied { use } for pid=16618 exe=/usr/sbin/useradd path=/dev/console dev=hdb1 ino=459355 scontext=system_u:system_r:useradd_t tcontext=system_u:system_r:init_t tclass=fd
avc: denied { write } for pid=16619 exe=/usr/bin/chfn name=fscreate dev= ino=1089142806 scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=file

Opened bug# 119008 for tracking related (non-SELinux) issue.

*** Bug 119008 has been marked as a duplicate of this bug. ***

Issue w/ launching config tool appears to be SELinux-related after all:
Could not set exec context to system_u:sysadm_r:sysadm_t

Put lots of fixes in policy-1-9-15 that might fix this.

Dan

Closing. Reopen if you still see it.
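
An added example, not part of the original report or of the policy package: a small Python parser that merges the AVC denials quoted in this report by source type, target type and object class, and renders each group as an allow-rule candidate for a policy maintainer to review. The function names are hypothetical; the sample lines are the seven denials from the report.

```python
import re
from collections import defaultdict

# The seven denials quoted in this report (policy-1.9-11, permissive mode).
SAMPLE = """\
avc: denied { unix_read unix_write } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm
avc: denied { read write } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm
avc: denied { getattr associate } for pid=16537 exe=/usr/X11R6/bin/XFree86 key=0 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:system_r:initrc_t tclass=shm
avc: denied { use } for pid=16616 exe=/usr/sbin/userhelper path=/dev/console dev=hdb1 ino=459355 scontext=system_u:system_r:userhelper_t tcontext=system_u:system_r:init_t tclass=fd
avc: denied { sys_tty_config } for pid=16616 exe=/usr/sbin/userhelper capability=26 scontext=system_u:system_r:userhelper_t tcontext=system_u:system_r:userhelper_t tclass=capability
avc: denied { use } for pid=16618 exe=/usr/sbin/useradd path=/dev/console dev=hdb1 ino=459355 scontext=system_u:system_r:useradd_t tcontext=system_u:system_r:init_t tclass=fd
avc: denied { write } for pid=16619 exe=/usr/bin/chfn name=fscreate dev= ino=1089142806 scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for one 'avc: denied' line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    ctx = [fields.get(k, "").split(":") for k in ("scontext", "tcontext")]
    if "tclass" not in fields or any(len(c) < 3 for c in ctx):
        return None
    # A context is user:role:type; the type is the third field.
    return {"perms": m.group("perms").split(), "source": ctx[0][2],
            "target": ctx[1][2], "tclass": fields["tclass"]}

def summarize(text):
    """Merge denials by (source type, target type, class) -> set of permissions."""
    merged = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            merged[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return dict(merged)

def candidate_rules(summary):
    """Render each group as an allow-rule candidate; these are for review, not to load as-is."""
    out = []
    for (src, tgt, cls), perms in sorted(summary.items()):
        tgt = "self" if tgt == src else tgt
        out.append(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    return out

if __name__ == "__main__":
    print("\n".join(candidate_rules(summarize(SAMPLE))))
```

Merging first shows that the three stage 1 denials are one access pattern (the X server touching shared memory owned by `initrc_t`), which helps decide whether a rule or a domain transition is the right fix.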