Bug 237762
Summary: | AVC denial on "net groupmap add" command | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Markku Kolkka <markku.kolkka> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
Severity: | low | Docs Contact: | |
Priority: | medium | | |
Version: | 6 | CC: | shaikomer |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | i386 | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | 2.4.6-72.fc6 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2007-05-29 09:38:40 UTC | Type: | --- |
Description
Markku Kolkka
2007-04-25 09:53:47 UTC
Same results with selinux-policy-2.4.6-69.fc6:

avc: denied { write } for comm="net" dev=dm-0 egid=0 euid=0 exe="/usr/bin/net" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="passdb.tdb" pid=32123 scontext=user_u:system_r:samba_net_t:s0 sgid=0 subj=user_u:system_r:samba_net_t:s0 suid=0 tclass=file tcontext=user_u:object_r:samba_etc_t:s0 tty=pts2 uid=0

You can fix this with the following command:

chcon -t samba_secrets_t /etc/samba/passdb.tdb

I will fix the file context in selinux-policy-2.4.6-71.

I am running Red Hat Enterprise Server 5.0 and I am trying to install WebSphere 6.1. I got this error. Could you please guide me to fix the problem? I even ran the command

set sebool -p allow_execmod=1 allow_execstack=1 allow_execmem=1

and it didn't work. Any help will be appreciated.

repository/package.java.jre/java/jre/bin/libj9jit23.so which requires text relocation.

Detailed Description

The /web/JDK/jre.pak/repository/package.java.jre/java/jre/bin/java application attempted to load /web/JDK/jre.pak/repository/package.java.jre/java/jre/bin/libj9jit23.so which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. You can configure SELinux temporarily to allow /web/JDK/jre.pak/repository/package.java.jre/java/jre/bin/libj9jit23.so to use relocation as a workaround, until the library is fixed. Please file a bug report against this package.

Allowing Access

If you trust /web/JDK/jre.pak/repository/package.java.jre/java/jre/bin/libj9jit23.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /web/JDK/jre.pak/repository/package.java.jre/java/jre/bin/libj9jit23.so"

The following command will allow this access:

chcon -t textrel_shlib_t /web/JDK/jre.pak/repository/package.java.jre/java/jre/bin/libj9jit23.so

Additional Information

Source Context: root:system_r:unconfined_t:SystemLow-SystemHigh
Target Context: root:object_r:etc_runtime_t
Target Objects: /web/JDK/jre.pak/repository/package.java.jre/java/jre/bin/libj9jit23.so [ file ]
Affected RPM Packages:
Policy RPM: selinux-policy-2.4.6-30.el5
Selinux Enabled: True
Policy Type: targeted

First run

restorecon -R -v /web

You can turn off the execmod checking by executing

# setsebool -P allow_execmod 1

Or you could change all the so files under /web to be textrel_shlib_t

# semanage fcontext -a -t textrel_shlib_t '/web/JDK/jre.pak/.*so'
# restorecon -R -v /web

My problem is solved and I am able to install the WebSphere server 6.1 on Red Hat Enterprise 5.0. The first command worked for me. It's a great help and I appreciate it.

#restorecon -r -v /web
#setsebool -P allow_execmod 1

Once again, thanks for your help, Mr. dwalsh.