Bug 1574537
Summary: | svnserve cannot contact saslauthd service | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Renaud Métrich <rmetrich> | |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 7.5 | CC: | lvrabec, mgrepl, mmalik, plautrba, ssekidde | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | selinux-policy-3.13.1-199.el7 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1574671 (view as bug list) | Environment: | ||
Last Closed: | 2018-10-30 10:03:50 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: |
Description
Renaud Métrich
2018-05-03 13:58:54 UTC
Thanks for the scenario, Renaud. Caught in enforcing mode: ---- type=PROCTITLE msg=audit(05/03/2018 10:10:17.963:397) : proctitle=/usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /var/svn type=PATH msg=audit(05/03/2018 10:10:17.963:397) : item=0 name=/run/saslauthd/mux inode=104850 dev=00:14 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:saslauthd_var_run_t:s0 objtype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(05/03/2018 10:10:17.963:397) : cwd=/ type=SOCKADDR msg=audit(05/03/2018 10:10:17.963:397) : saddr={ fam=local path=/run/saslauthd/mux } type=SYSCALL msg=audit(05/03/2018 10:10:17.963:397) : arch=x86_64 syscall=connect success=no exit=EACCES(Permission denied) a0=0x3 a1=0x7ffd14c7a810 a2=0x6e a3=0x7ffd14c7a220 items=1 ppid=10267 pid=10270 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=svnserve exe=/usr/bin/svnserve subj=system_u:system_r:svnserve_t:s0 key=(null) type=AVC msg=audit(05/03/2018 10:10:17.963:397) : avc: denied { connectto } for pid=10270 comm=svnserve path=/run/saslauthd/mux scontext=system_u:system_r:svnserve_t:s0 tcontext=system_u:system_r:saslauthd_t:s0 tclass=unix_stream_socket ---- Caught in permissive mode: ---- type=PROCTITLE msg=audit(05/03/2018 10:11:24.145:400) : proctitle=/usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /var/svn type=PATH msg=audit(05/03/2018 10:11:24.145:400) : item=0 name=/run/saslauthd/mux inode=104850 dev=00:14 mode=socket,777 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:saslauthd_var_run_t:s0 objtype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(05/03/2018 10:11:24.145:400) : cwd=/ type=SOCKADDR msg=audit(05/03/2018 10:11:24.145:400) : saddr={ fam=local path=/run/saslauthd/mux } type=SYSCALL msg=audit(05/03/2018 10:11:24.145:400) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x3 a1=0x7ffd14c7a810 a2=0x6e a3=0x7ffd14c7a220 items=1 ppid=10267 pid=10276 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=svnserve exe=/usr/bin/svnserve subj=system_u:system_r:svnserve_t:s0 key=(null) type=AVC msg=audit(05/03/2018 10:11:24.145:400) : avc: denied { connectto } for pid=10276 comm=svnserve path=/run/saslauthd/mux scontext=system_u:system_r:svnserve_t:s0 tcontext=system_u:system_r:saslauthd_t:s0 tclass=unix_stream_socket ---- For QE purposes: Successful authentication via svn CLI requires following operation to be done first: # ln -s /etc/pam.d/login /etc/pam.d/svn Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3111 |