Bug 227616
| Field | Value |
|---|---|
| Summary | SELinux is preventing /usr/sbin/useradd (useradd_t) "read write" to faillog (var_log_t) - seems to be limited to Xen guests |
| Product | Red Hat Enterprise Linux 5 |
| Component | conga |
| Version | 5.0 |
| Status | CLOSED DUPLICATE |
| Severity | medium |
| Priority | medium |
| Hardware | All |
| OS | Linux |
| Reporter | Len DiMaggio <ldimaggi> |
| Assignee | Jim Parsons <jparsons> |
| QA Contact | Corey Marthaler <cmarthal> |
| CC | cluster-maint, dwalsh, jneedle, kanderso, kupcevic, rmccabe |
| Doc Type | Bug Fix |
| Last Closed | 2007-02-12 15:57:53 UTC |

Description
Len DiMaggio
2007-02-07 02:35:30 UTC
Created attachment 147533: Audit log
Note - the installation of luci and ricci does create user accounts and entries in /etc/passwd.

```
luci:x:250:251::/var/lib/luci:/sbin/nologin
ricci:x:251:252::/var/lib/ricci:/sbin/nologin
```

Cannot recreate the problem on a non-Xen system:

```
Feb 7 08:39:36 tng3-5 Installed: luci.i386 0.8-30.el5
Feb 7 08:41:05 tng3-5 Installed: oddjob.i386 0.27-7
Feb 7 08:41:06 tng3-5 Installed: modcluster.i386 0.8-27.el5
Feb 7 08:41:12 tng3-5 Installed: oddjob-libs.i386 0.27-7
Feb 7 08:41:13 tng3-5 Installed: ricci.i386 0.8-30.el5

[root@tng3-5 ~]# rpm -q selinux-policy selinux-policy-targeted luci ricci
selinux-policy-2.4.6-35.el5
selinux-policy-targeted-2.4.6-35.el5
luci-0.8-30.el5
ricci-0.8-30.el5

[root@tng3-5 ~]# uname -a
Linux tng3-5 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686 i386 GNU/Linux
```

The problem is faillog is labeled incorrectly. `restorecon /var/log/faillog` will fix the problem. This should have been labeled correctly on install by pam.

Any idea why its context is wrong?

Hmm. Well, one of the affected systems was a copy of the other, so whatever caused the issue on snausages would simply have been copied to the other system. No idea what might have caused this, though. This was a fresh install from the 20070118 nightly trees, which should be pretty close to production.

From anaconda.log:

```
14:02:32 INFO : set fc of /var/log/btmp to system_u:object_r:faillog_t:s0
```

so it was set correctly on install. I haven't really done anything to that xen instance that would touch faillog. Something's really odd here.

Yeah, ignore that. That's /var/log/btmp.

Since this is caused by the bug detailed in bug 209646, I'm going to close this as a duplicate.

*** This bug has been marked as a duplicate of 209646 ***
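
A triage sketch for the diagnosis reached in this thread, added here as an example and not taken from the bug report or from the conga or SELinux projects: it parses AVC denial records and flags those whose target file carries a type other than the expected one, which points to relabeling with `restorecon` rather than to a policy change. The audit lines are constructed (the attached audit log is not reproduced on this page), and the `EXPECTED_TYPE` table and all function names are assumptions made for illustration.

```python
import re

# Assumption for this example: faillog and btmp are both expected to be
# faillog_t (the type the thread's anaconda.log line shows for /var/log/btmp).
EXPECTED_TYPE = {"faillog": "faillog_t", "btmp": "faillog_t"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?name="(?P<name>[^"]+)".*?scontext=(?P<scontext>\S+)'
    r'\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

# Constructed sample records, not the audit log attached to the bug.
SAMPLE_LINES = [
    'type=AVC msg=audit(1170815730.101:45): avc:  denied  { read write } for  '
    'pid=2345 comm="useradd" name="faillog" dev=dm-0 ino=98765 '
    'scontext=root:system_r:useradd_t:s0 '
    'tcontext=system_u:object_r:var_log_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1170815730.101:45): arch=40000003 syscall=5 '
    'success=no exit=-13 comm="useradd" exe="/usr/sbin/useradd"',
    'type=AVC msg=audit(1170815801.220:52): avc:  denied  { getattr } for  '
    'pid=2401 comm="httpd" name="notes.txt" dev=dm-0 ino=4242 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:user_home_t:s0 tclass=file',
]

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one audit line; return a dict for AVC denials, None otherwise."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["perms"] = rec["perms"].split()
    rec["source_type"] = selinux_type(rec["scontext"])
    rec["target_type"] = selinux_type(rec["tcontext"])
    return rec

def triage(lines):
    """Return (comm, name, actual type, expected type, verdict) per denial."""
    findings = []
    for rec in filter(None, map(parse_avc, lines)):
        expected = EXPECTED_TYPE.get(rec["name"])
        # A known file carrying the wrong type is a labeling problem.
        verdict = "mislabeled" if expected and rec["target_type"] != expected else "review"
        findings.append((rec["comm"], rec["name"], rec["target_type"], expected, verdict))
    return findings
```

A "mislabeled" verdict only says the on-disk label differs from the table; confirm against the loaded policy with `matchpathcon` before relabeling.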