Bug 416641

Summary: xinetd fails to start with selinux enabled
Product: [Fedora] Fedora Reporter: Hayden James <hayden.james>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 8   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Current Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-30 19:19:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hayden James 2007-12-08 17:43:51 UTC 
Description of problem: xinetd fails to start with selinux enabled

Enabled:

[root@hayden ~]# setenforce 1
[root@hayden ~]# service xinetd start
Starting xinetd: /bin/bash: /usr/sbin/xinetd: Permission denied
                                                           [FAILED]

Disabled:

[root@hayden ~]# setenforce 0
[root@hayden ~]# service xinetd start
Starting xinetd:                                           [  OK  ]

[root@hayden ~]# rpm -qa | grep xinetd
xinetd-2.3.14-14.fc8

[root@hayden ~]# rpm -qa | grep selinux
libselinux-2.0.43-1.fc8
libselinux-python-2.0.43-1.fc8
selinux-policy-devel-3.0.8-62.fc8
libselinux-2.0.43-1.fc8
selinux-policy-3.0.8-62.fc8
libselinux-devel-2.0.43-1.fc8
selinux-policy-targeted-3.0.8-62.fc8
Comment 1 Daniel Walsh 2007-12-10 14:44:38 UTC 
If you execute 

# semanage login -m -s unconifned_u __default__
Then logout and log back in.  Does it work for you?
Comment 2 Daniel Walsh 2007-12-10 14:46:06 UTC 
This change will show up in selinux-policy-3.0.8-68.fc8
Comment 3 Hayden James 2007-12-11 00:06:27 UTC 
[root@hayden ~]# semanage login -m -s unconifned_u __default__
libsemanage.validate_handler: selinux user unconifned_u does not exist No such
file or directory.
libsemanage.validate_handler: seuser mapping [__default__ -> (unconifned_u, s0)]
is invalid No such file or directory.
libsemanage.dbase_llist_iterate: could not iterate over records No such file or
directory.
/usr/sbin/semanage: Could not modify login mapping for __default__

[root@hayden ~]# service xinetd start
Starting xinetd: /bin/bash: /usr/sbin/xinetd: Permission denied
                                                           [FAILED]
Comment 4 Daniel Walsh 2007-12-13 21:11:19 UTC 
Ok try .

semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023
unconfined_u 
semanage login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
Comment 5 Hayden James 2007-12-14 02:53:33 UTC 
[root@hayden ~]# semanage user -a -P unconfined -R "unconfined_r system_r" -r
s0-s0:c0.c1023 unconfined_u
/usr/sbin/semanage: SELinux user unconfined_u is already defined
[root@hayden ~]# semanage login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
[root@hayden ~]# service xinetd start
Starting xinetd: /bin/bash: /usr/sbin/xinetd: Permission denied
                                                           [FAILED]
Comment 6 Daniel Walsh 2007-12-14 12:22:07 UTC 
Now you have to log all the way out and log back in.  Back to the Login prompt.
Comment 7 Daniel Walsh 2008-01-30 19:19:34 UTC 
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.