Bug 119671

Summary: up2date does not work in enforcing mode on SELinux
Product: [Fedora] Fedora
Component: up2date
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: high
Priority: medium
Reporter: Daniel Walsh <dwalsh>
Assignee: Adrian Likins <alikins>
CC: mboxof-rhbug
Doc Type: Bug Fix
Last Closed: 2004-08-27 01:54:49 UTC
Bug Blocks: 120068, 122683

Description Daniel Walsh 2004-04-01 12:58:47 UTC
Description of problem:
up2date is not running under a context that allows it to install rpm
files.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Try to run up2date
2.
3.
  
Actual results:


Expected results:


Additional info:
You need to modify /etc/security/console.apps/up2date

USER=root
PROGRAM=/usr/sbin/up2date
NOXOPTION=--nox
SESSION=true
ROLE=sysadm_r
TYPE=rpm_t

ROLE and TYPE will cause up2date to run with the rpm_t policy and
allow it to install rpms on an SELinux box.  If the box
is not SELinux these fields will be ignored.

Could you add them to the up2date package?


Comment 1 Chen Nan 2004-04-01 15:11:39 UTC
I don't know whether this is the same issue, but for my case up2date
couldn't even run.

If I start up2date as a normal user, I get the following error after
entering root password:
"Could not set exec context to user_u:sysadm_r:sysadm_t."

If I start up2date as the root user, it runs.

Comment 2 Steve Ward 2004-04-02 02:45:26 UTC
I tried making the change recommended, it had no effect.

Comment 3 Chen Nan 2004-04-03 02:16:31 UTC
I tried to modify "/etc/security/console.apps/up2date" to add the
following lines as recommended by the bug reporter:

ROLE=sysadm_r
TYPE=rpm_t

I got the following error:

[chennan@localhost chennan]$ up2date
Could not set exec context to user_u:rpm_t:sysadm_r.
Broken pipe
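
An added illustration (not part of the bug report, and not code from usermode or up2date): a small Python check that reads a console.apps entry like the one in the description, builds the user:role:type context it asks for, and compares it with the contexts quoted in the error messages in Comments 1 and 3. The function names, the default user_u, and the _r/_t suffix convention are assumptions.

```python
# Added example: names below are illustrative, not part of usermode or up2date.

# console.apps entry as given in the bug description.
SAMPLE_CONFIG = """\
USER=root
PROGRAM=/usr/sbin/up2date
NOXOPTION=--nox
SESSION=true
ROLE=sysadm_r
TYPE=rpm_t
"""

def parse_console_app(text):
    """Parse KEY=VALUE lines; lines without '=' are ignored."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def expected_context(settings, selinux_user="user_u"):
    """Build user:role:type from ROLE/TYPE, or None if either is missing."""
    role, type_ = settings.get("ROLE"), settings.get("TYPE")
    if not role or not type_:
        return None
    return f"{selinux_user}:{role}:{type_}"

def check_context(observed, settings):
    """List the ways an observed context differs from what the entry asks for."""
    fields = observed.strip().rstrip(".").split(":")
    if len(fields) < 3:
        return ["not in user:role:type form"]
    _user, role, type_ = fields[:3]
    problems = []
    # Assumption: policy naming convention (roles end in _r, types in _t).
    if not role.endswith("_r"):
        problems.append(f"role field holds {role!r}")
    if not type_.endswith("_t"):
        problems.append(f"type field holds {type_!r}")
    if not problems:
        for name, want, got in (("ROLE", settings.get("ROLE"), role),
                                ("TYPE", settings.get("TYPE"), type_)):
            if want and want != got:
                problems.append(f"{name} is {want} in the entry but {got} was requested")
    return problems

if __name__ == "__main__":
    cfg = parse_console_app(SAMPLE_CONFIG)
    print(expected_context(cfg))
    for ctx in ("user_u:sysadm_r:sysadm_t.", "user_u:rpm_t:sysadm_r."):
        print(ctx, check_context(ctx, cfg))
```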


Comment 4 Daniel Walsh 2004-04-03 05:24:06 UTC
You need to update the usermode package and grab the latest policy files.

Comment 5 Adrian Likins 2004-04-05 19:00:18 UTC
committed to cvs, 4.3.15 or higher should have it

Comment 6 Carlos 2004-04-06 16:36:53 UTC
Running up2date stated there was an ethereal dependency problem.
After rebooting I got to:
halted
Kernel Panic: attempted to kill init!
To fix this I had to boot into rescue mode and edit the following:
/etc/sysconfig/selinux
This originally read:
SELINUX=enforcing
In order to boot my system I changed it to:
SELINUX=disabled
Then I had to:
chroot /mnt/sysimage
to get back into Fedora Core 2 test 2.

Hope this info helps... just reporting my similar problem.

Comment 7 Noa Resare 2004-04-09 20:57:23 UTC
Initially I had the same problem as #3 above, but upgrading to
policy-1.10.1-4 and kernel-2.6.5-1.308 from the development tree on an
otherwise blank fc2test2 resolves this.

My recommendation would be to close this as RAWHIDE