Bug 524026
Summary: | setroubleshoot: SELinux is preventing rtkit-daemon "getcap" access. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David <idht4n> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dwalsh, jkubin, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:e7482cdab26d42cac292fed29bd1c2c78611b700147d9d02e34ac755f918fcd4 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-09-17 20:00:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David
2009-09-17 16:18:29 UTC
You seem to be having a labeling problem on the rtkit-daemon restorecon -R -v /usr/libexec *** Bug 524027 has been marked as a duplicate of this bug. *** *** Bug 524028 has been marked as a duplicate of this bug. *** *** Bug 524029 has been marked as a duplicate of this bug. *** *** Bug 524030 has been marked as a duplicate of this bug. *** I've had a few selinux reports closed as not a bug. My naive understanding of selinux errors is that they are always bugs unless a user has done something bad to screw up labelling. As far as I know, I've done no such things. I installed f12 alpha and updated it periodically. The only things I've done as root have been to copy a few individual files (ldap.conf, auto.master) from my f11 partition, yum installs, yum updates, and restarting autofs. I am running as a normal local user that was created from scratch after the alpha install, so I don't have any f11 user configuration baggage hanging around. If you want me to stop filing reports, let me know. I usually disable selinux when the official release comes out anyway... in the mean time, I'm just trying to be a good citizen. Right but if the labeling gets messed up, probably do to rawhide failures, there is nothing I can do to fix the labeling. In this case did you check the labeling on this file? During rawhide, selinux got broken by dracut and some labeling got messed up. This could have been the problem. Also if you are going to report the bugs, and you find a bunch that look the same, please do not keep pushing the report the bug button. I know this is difficult, but some times I get hundreds of bugs all to do with the same labeling issue. (In reply to comment #7) > Right but if the labeling gets messed up, probably do to rawhide failures, > there is nothing I can do to fix the labeling. > > In this case did you check the labeling on this file? > Honestly, I'm not up to speed on selinux and labeling. I was just told to report all errors I see by somebody on the test mailing list, so I have been. If something like dracut can screw up labelling, it seems that there should be a mechanism for a future yum update to fix it. I guess the danger is that automated fixing of labels will mask real security problems? But I'm not sure that's any different from what I do now which is to blindly run commands to fix labels when bugzilla tells me to. I'll try to fix my labelling and filter out similar looking reports... I had assumed that sealert was smart enough to add to an existing report when there was only one small change between reports. Well we are working on it. dracut/selinux lots of bugs happen in Rawhide and some never get cleaned up without user intervention. That is what makes Rawhide fun. :^) fixfiles restore and reboot should clean everything up. yum -y upgrade tomorrow, because todays selinux-policy is broken. |