Bug 288861
Summary: | selinux-policy breaks pam_limits by ignoring limits.conf | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jim Radford <radford> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 8 | CC: | tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-09-21 18:02:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jim Radford
2007-09-13 06:49:55 UTC
Are you seeing avc messages that would indicate SELinux is causing the problem? Fixed in selinux-policy-2.4.6-88.fc6 (In reply to comment #1) > Are you seeing avc messages that would indicate SELinux is causing the problem? If I setenforce 0, then I get my realtime priority, so it *is* selinux. Not obviously. Maybe this one? type=AVC msg=audit(1189683790.155:43): avc: denied { read } for pid=6931 comm="consoletype" path="pipe:[24144]" dev=pipefs ino=24144 scontext=system_u:system_r:cons oletype_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=fifo_file (In reply to comment #2) > Fixed in selinux-policy-2.4.6-88.fc6 I'm guessing that you meant selinux-policy-2.6.4-88.fc7 but I can't seem to find that either? Ooops. Looks like I updated the wrong bugzilla. tomaz you have any idea? You can execute # semodule -DB to turn off all dontaudit rules The try it out. semodule -B Will turn rules back on. (In reply to comment #5) > You can execute > # semodule -DB Some of these look promising. type=AVC msg=audit(1189787145.556:149): avc: denied { rlimitinh } for pid=27784 comm="unix_update" scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext= system_u:system_r:updpwd_t:s0-s0:c0.c1023 tclass=process type=AVC msg=audit(1189787145.724:160): avc: denied { rlimitinh } for pid=27785 comm="bash" scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_ u:system_r:unconfined_t:s0 tclass=process type=AVC msg=audit(1189787145.727:161): avc: denied { rlimitinh } for pid=27786 comm="hal-acl-tool" scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r: hald_acl_t:s0 tclass=process type=AVC msg=audit(1189787168.553:169): avc: denied { rlimitinh } for pid=27852 comm="load_policy" scontext=system_u:system_r:semanage_t:s0 tcontext=system_u:system _r:load_policy_t:s0 tclass=process Fixed in selinux-policy-3.0.8-1 Works for me now. Thanks. |