Bug 1258453
| Summary: | xrdp binaries labelled incorrectly, this prevents service start under systemd | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Lukas Vrabec <lvrabec> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 24 | CC: | bill, bojan, dominick.grift, dwalsh, extras-qa, lvrabec, mgrepl, plautrba, vikigoyal |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.13.1-185.fc24 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1244573 | Environment: | |
| Last Closed: | 2016-05-14 23:27:52 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1177202, 1244573 | ||
| Bug Blocks: | |||
|
Description
Lukas Vrabec
2015-08-31 12:18:04 UTC
*** Bug 1244607 has been marked as a duplicate of this bug. *** I can confirm this bug and fix on RHEL 7 (Google VM). [1:root@aps local]$ rpm -q xrdp xrdp-0.9.0-4.el7.x86_64 WAS running (setenforce 0): [1:root@aps local 148]$ ps -eZ | grep xrdp system_u:unconfined_r:init_t:s0 11186 ? 00:00:00 xrdp-sesman system_u:unconfined_r:init_t:s0 11187 ? 00:00:00 xrdp /var/log/messages: Jan 28 05:48:56 aps kernel: SELinux: Context system_u:unconfined_r:init_t:s0 would be invalid if enforcing [0:root@aps ~]$ ls -lZ /usr/sbin/xrdp* -rwxr-xr-x. root root system_u:object_r:unconfined_exec_t:s0 /usr/sbin/xrdp -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/sbin/xrdp-chansrv -rwxr-xr-x. root root system_u:object_r:unconfined_exec_t:s0 /usr/sbin/xrdp-sesman -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/sbin/xrdp-sessvc # ----------------------- NOW after: # chcon -t bin_t /usr/sbin/xrdp # chcon -t bin_t /usr/sbin/xrdp-sesman [1:root@aps local]$ ps -eZ | grep xrdp system_u:system_r:unconfined_service_t:s0 15286 ? 00:00:00 xrdp-sesman system_u:system_r:unconfined_service_t:s0 15287 ? 00:00:00 xrdp system_u:system_r:unconfined_service_t:s0 15328 ? 00:00:01 xrdp system_u:system_r:unconfined_service_t:s0 15333 ? 00:00:00 xrdp-sessvc system_u:system_r:unconfined_service_t:s0 15334 ? 00:00:00 xrdp-sesman system_u:system_r:unconfined_service_t:s0 15336 ? 00:00:00 xrdp-chansrv and SElinux is in enforcing mode with no errors in /var/log/messages I've connected from a Windows RDP client and all appears to run fine. This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase selinux-policy-3.13.1-185.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f4619cd21 selinux-policy-3.13.1-185.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f4619cd21 selinux-policy-3.13.1-185.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. |