Bug 133471

Summary: Umbrella FC4 SELinux tracker
Product: [Fedora] Fedora Reporter: Russell Coker <russell>
Component: selinux-policy-strictAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-06-08 18:04:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 121207, 124835, 125932, 128780, 131188, 138358, 140059, 149819    
Bug Blocks:    

Description Russell Coker 2004-09-24 09:19:05 UTC
Description of problem: 
 
Tracker bug for outstanding SELinux bugs that we must fix for FC4. 
This includes stuff from selinux-policy-strict and 
selinux-policy-targeted

Comment 1 Gabriel Schulhof 2005-02-26 16:36:46 UTC
Updating  : selinux-policy-targeted      ####################### [14/45]
sepol_genusers: Can't load system.users:  No such file or directory
/usr/sbin/load_policy:  Error while setting user configuration from
/etc/selinux/targeted/users//{local.users,system.users}:  No such file
or directory

.discinfo is:
1109417746.941317
Fedora Core 4
ppc
1,2,3,4,5
Fedora/base
Fedora/RPMS
Fedora/pixmaps


Comment 2 Gabriel Schulhof 2005-02-26 16:52:03 UTC
Additionally, since approximately kernel build 766 the following
errors show up during boot:

arping: error while loading shared libraries: cannot restore segment
prot after reloc: Permission denied

Starting system logger: syslogd: error while loading shared libraries:
libc.so.6: failed to map segment from shared object: Permission denied

audit(1109380338.264:0): avc:  denied  { execmem } for  pid=2340
comm=portmap scontext=user_u:system_r:portmap_t
tcontext=user_u:system_r:portmap_t tclass=process
portmap: error while loading shared libraries: libnsl.so.1: failed to
map segment from shared object: Permission denied

audit(1109380338.463:0): avc:  denied  { execmem } for  pid=2357
comm=rpc.statd scontext=user_u:system_r:rpcd_t
tcontext=user_u:system_r:rpcd_t tclass=process
rpc.statd: error while loading shared libraries: libwrap.so.0: failed
to map segment from shared object: Permission denied

audit(1109380339.031:0): avc:  denied  { execmem } for  pid=2392
comm=rpc.idmapd scontext=user_u:system_r:r
rpc.idmapd: error while loading shared libraries: libldap-2.2.so.7:
failed to map segment from shared object: Permission denied

audit(1109380340.832:0): avc:  denied  { execmod } for  pid=2510
comm=smartd path=/usr/sbin/smartd dev=hda5 ino=663228
scontext=user_u:system_r:initrc_t tcontext=system_u:object_r:sbin_t
tclass=file
/usr/sbin/smartd: error while loading shared libraries: cannot restore
segment prot after reloc: Permission denied

Starting xinetd: audit(1109380341.053:0): avc:  denied  { execmod }
for  pid=2519 comm=xinetd path=/usr/sbin/xinetd dev=hda5 ino=663469
scontext=user_u:system_r:initrc_t tcontext=system_u:object_r:sbin_t
tclass=file
xinetd: error while loading shared libraries: cannot restore segment
prot after reloc: Permission denied

audit(1109380341.266:0): avc:  denied  { execmem } for  pid=2531
comm=ntpdate scontext=user_u:system_r:ntpd_t
tcontext=user_u:system_r:ntpd_t tclass=process
audit(1109380341.330:0): avc:  denied  { execmem } for  pid=2533
comm=ntpd scontext=user_u:system_r:ntpd_t
tcontext=user_u:system_r:ntpd_t tclass=process
ntpd: error while loading shared libraries: libm.so.6: failed to map
segment from shared object: Permission denied

audit(1109380343.738:0): avc:  denied  { execmod } for  pid=2604
comm=crond path=/usr/sbin/crond dev=hda5 ino=662889
scontext=user_u:system_r:initrc_t tcontext=system_u:object_r:sbin_t
tclass=file
crond: error while loading shared libraries: cannot restore segment
prot after reloc: Permission denied

audit(1109380346.308:0): avc:  denied  { execmod } for  pid=2654
comm=atd path=/usr/sbin/atd dev=hda5 ino=662510
scontext=user_u:system_r:initrc_t tcontext=system_u:object_r:sbin_t
tclass=file
/usr/sbin/atd: error while loading shared libraries: cannot restore
segment prot after reloc: Permission denied


Comment 3 Russell Coker 2005-02-26 16:55:30 UTC
This is a tracker bug, not a place to put arbitrary comments! 
 
If you have a bug to report then create a new bugzilla entry, don't 
append to this one.  This bug will be closed when FC4 is released.