Bug 132739

Summary: SELinux interferes with authconfig (nscd)
Product: [Fedora] Fedora Reporter: Daniel Reed <djr>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: drepper.fsp, walters
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-10-30 01:16:39 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 130887, 133652    

Description Daniel Reed 2004-09-16 11:32:13 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040809 Epiphany/1.3.8

Description of problem:
Stopping portmap:                                          [  OK  ]
Starting portmap: audit(1095348109.539:0): avc:  denied  { read write
} for  pid=4082 exe=/sbin/portmap name=tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
audit(1095348109.542:0): avc:  denied  { read write } for  pid=4082
exe=/sbin/portmap path=/dev/tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
                                                           [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
Stopping nscd: audit(1095348110.117:0): avc:  denied  { search } for 
pid=4119 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.124:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=mounts dev=proc ino=269942800
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.132:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]
Starting nscd: audit(1095348110.165:0): avc:  denied  { search } for 
pid=4124 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.176:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=mounts dev=proc ino=270270480
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.189:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.16-2

Steps to Reproduce:
1. Install FC3-re0915.2
2. Do not specify any network ident./auth. during firstboot
3. Run authconfig from console
4. Specify caching, NIS, and Kerberos
    

Actual Results:  Identity and authentication services do reconfigure
properly, but there is a large spew, and nscd fails to start.
Comment 1 Daniel Walsh 2004-09-21 16:48:56 EDT
Fixed in selinux-policy-targeted-1.17.19-2
Comment 3 Ulrich Drepper 2004-10-30 01:16:39 EDT
I certainly have nscd now running with the targeted policy.  Closing.