Bug 120854

Summary: cannot run up2date as sysadm_r user (can as root)
Product: [Fedora] Fedora
Component: policy
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: medium
Reporter: Gene Czarcinski <gczarcinski>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Ben Levenson <benl>
CC: pgraner
Doc Type: Bug Fix
Last Closed: 2004-04-21 21:13:45 UTC
Bug Blocks: 114961

Description Gene Czarcinski 2004-04-14 15:43:16 UTC
Description of problem:

I cannot run up2date from a sysadm_r user login.  I get the prompt for
the password but then it just quits.

policy = 1.11.2-1
up2date = 4.3.16-1

from /var/log/messages:

Apr 14 11:37:23 chaos kernel: audit(1081957043.719:0): avc:  denied  {
transition } for  pid=3104 exe=/usr/sbin/userhelper
path=/usr/sbin/up2date dev=hda7 ino=776821
scontext=czarcing:staff_r:userhelper_t
tcontext=czarcing:sysadm_r:rpm_t tclass=process

Comment 1 Daniel Walsh 2004-04-15 15:37:12 UTC
Fixed in rawhide policy-1.11.2-6

Comment 2 Gene Czarcinski 2004-04-15 17:15:23 UTC
Nope, still not working (with policy-1.11.2-6 applied):

Apr 15 13:19:02 chaos kernel: audit(1082049542.764:0): avc:  denied  {
transition } for  pid=3298 exe=/usr/sbin/userhelper
path=/usr/sbin/up2date dev=hda7 ino=776821
scontext=czarcing:sysadm_r:userhelper_t
tcontext=czarcing:sysadm_r:rpm_t tclass=process

Comment 3 Gene Czarcinski 2004-04-17 20:55:34 UTC
Reverified: still a problem with policy=1.11.2-9

Apr 17 16:53:09 chaos kernel: audit(1082235189.335:0): avc:  denied  {
transition } for  pid=23150 exe=/usr/sbin/userhelper
path=/usr/sbin/up2date dev=hda7 ino=776821
scontext=czarcing:sysadm_r:userhelper_t
tcontext=czarcing:sysadm_r:rpm_t tclass=process

Comment 4 Colin Walters 2004-04-21 21:13:45 UTC
Ok, should be fixed in the next policy upload (1.11.2-15).


Comment 5 Gene Czarcinski 2004-04-28 15:45:56 UTC
Verified fixed in FC2-T3 plus policy=1.11.2-18 and up2date=4.3.17
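
Added example (not part of the original thread or of the policy package): a small Python parser run over the three AVC denials quoted above, with the wrapped log lines rejoined. It shows that the source role differs between the first denial (staff_r) and the later two (sysadm_r), while the denied userhelper_t to rpm_t process transition is the same in all three. The names parse_avc and describe are hypothetical.

```python
import re

# The three AVC denials from the thread, wrapped lines rejoined.
DENIALS = [
    "Apr 14 11:37:23 chaos kernel: audit(1081957043.719:0): avc:  denied  { transition } for  pid=3104 exe=/usr/sbin/userhelper path=/usr/sbin/up2date dev=hda7 ino=776821 scontext=czarcing:staff_r:userhelper_t tcontext=czarcing:sysadm_r:rpm_t tclass=process",
    "Apr 15 13:19:02 chaos kernel: audit(1082049542.764:0): avc:  denied  { transition } for  pid=3298 exe=/usr/sbin/userhelper path=/usr/sbin/up2date dev=hda7 ino=776821 scontext=czarcing:sysadm_r:userhelper_t tcontext=czarcing:sysadm_r:rpm_t tclass=process",
    "Apr 17 16:53:09 chaos kernel: audit(1082235189.335:0): avc:  denied  { transition } for  pid=23150 exe=/usr/sbin/userhelper path=/usr/sbin/up2date dev=hda7 ino=776821 scontext=czarcing:sysadm_r:userhelper_t tcontext=czarcing:sysadm_r:rpm_t tclass=process",
]

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")


def parse_avc(line):
    """Parse one kernel AVC denial line into a dict, or return None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    for key in ("scontext", "tcontext"):
        if key not in rec:
            return None
        # A security context here is user:role:type.
        user, role, type_ = rec[key].split(":")[:3]
        rec[key] = {"user": user, "role": role, "type": type_}
    return rec


def describe(rec):
    """Summarise which parts of the context change across the denied access."""
    s, t = rec["scontext"], rec["tcontext"]
    return {
        "role_change": s["role"] != t["role"],
        "type_change": s["type"] != t["type"],
        "denied_vector": "%s -> %s : %s { %s }"
        % (s["type"], t["type"], rec["tclass"], " ".join(rec["perms"])),
    }


if __name__ == "__main__":
    for line in DENIALS:
        rec = parse_avc(line)
        print(rec["scontext"]["role"], "->", rec["tcontext"]["role"], describe(rec))
```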