Bug 170301
Summary: | Login via Kerberos and NFS4/krb5i | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Joachim Selke <mail> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | nalin |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.27.1-2.11 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-10-31 19:14:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Joachim Selke
2005-10-10 16:36:55 UTC
Fixed in selinux-policy-*-1.27.1-2.6 The bug is not fixed yet. I updated a few minutes ago to selinux-policy-targeted-1.27.1-2.6 and did a complete relabeling of the filesystem. Here is the result: The login is successful, but gives the following errors: Could not chdir to home directory /home/selke: Permission denied -bash: /home/selke/.bash_profile: Permission denied /var/log/audit/audit.log says: type=AVC msg=audit(1129586483.447:34): avc: denied { write } for pid=1903 comm="rpc.gssd" name="krb5cc_10000_8OnCut" dev=hda2 ino=6606226 scontext=system_u:system_r:gssd_t tcontext=system_u:object_r:tmp_t tclass=file type=SYSCALL msg=audit(1129586483.447:34): arch=40000003 syscall=5 success=no exit=-13 a0=96b6318 a1=8002 a2=0 a3=8002 items=1 pid=1903 auid=4294967295 uid=0 gid=0 euid=10000 suid=0 fsuid=10000 egid=0 sgid=0 fsgid=0 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" type=CWD msg=audit(1129586483.447:34): cwd="/var/lib/nfs/rpc_pipefs/nfs" type=PATH msg=audit(1129586483.447:34): item=0 name="/tmp/krb5cc_10000_8OnCut" flags=101 inode=6606226 dev=03:02 mode=0100600 ouid=10000 ogid=10000 rdev=00:00 These messages are repeated several times. /var/log/messages: Oct 18 00:01:23 pupkin rpc.gssd[1903]: WARNING: Failed to create krb5 context for user with uid 10000 for server obelix.thi.uni-hannover.de This message is repeated several times too. Can you remove krb5cc_10000_8OnCut and then try again? Dan I did the following: 1. delete all files in /tmp 2. create /.autorelabel 3. reboot machine 4. login as "selke" (uid 10000) The result is the same as mentioned in my last comment. The only difference is the file name, now it is krb5cc_10000_emxaFS. But this is not remarkable because the name part after the uid seems to be a random sequence. selinux-policy-targeted-1.27.1-2.11 fixed the bug. Thank you! :-) |