Bug 190764
Summary: | Semodule -i is denied access for { search } | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Penelope Fudd <bugzilla.redhat.com> | ||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | |||||
Severity: | high | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 5 | CC: | bojan, dwalsh | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Current | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-03-28 20:02:04 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Penelope Fudd
2006-05-04 23:30:04 UTC
Created attachment 128641 [details]
A cgi script to exercise the error. (Connect/disconnect to postgres)
Additionally, touching /.autorelabel and rebooting didn't help. Output of id: uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=user_u:system_r:unconfined_t Output of ls -Z dbcgi.pp -rw-r--r-- root 501 user_u:object_r:tmp_t dbcgi.pp Whoops, I may have made some progress; running system-config-securitylevel and setting selinux to permissive allowed me to run semodule. Now the cgi script is giving a different error; time to repeat the process. Ok, problems fixed. Is semodule designed to not work in enforcing mode? I don't know whether this is a feature or a bug. :-) One more comment: I installed phpPgAdmin, and it didn't have a problem connecting to /tmp/s.PGSQL.5432. Does this mean that php scripts have lower security than cgi scripts? Fixed in 2.2.38-1.fc5 Hmm, I don't think this was quite fixed yet. I'm getting this when trying to install a module for clamd: type=AVC msg=audit(1148334195.071:111): avc: denied { rmdir } for pid=2536 comm="semodule" name="modules" dev=dm-0 ino=480853 scontext=root:system_r:semanage_t:s0-s0:c0.c255 tcontext=user_u:object_r:selinux_config_t:s0 tclass=dir The policy isn't allowing directories under /etc/selinux/targeted/modules to be removed, so the install fails in enforcing mode. Closing bugs |