Bug 529951
Summary: | SELinux is preventing the /bin/loadkeys from using potentially mislabeled files (Documents). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Pavel Horák <pavhor> |
Component: | livecd-tools | Assignee: | David Huff <dhuff> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 13 | CC: | awilliam, bruno, dwalsh, fedora, katzj, kevin, lakshminaras2002, mgrepl, rdieter, rnovacek |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:f33bab51fd9c8bcc423f93bab947aaf622cb8c3326de605ae8376d57e26430a2 | ||
Fixed In Version: | livecd-tools-034-7.fc14 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-09-16 03:47:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 473302 |
Description
Pavel Horák
2009-10-20 20:43:47 UTC
What were you doing when you got this AVC to happen? This bug emerged right after F12-Beta-i686-Live-KDE.iso (burned to CD) booted to KDE. I was doing "nothing". Previous version I tried (I think it was Beta RC2 from 2009-10-15 was ok). When you login, what does id -Z show? I tried it again and I can't reproduce it now :( [liveuser@localhost ~]$ id -Z unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Well since it makes no sense at all, I will just close it as worksforme. If you can reproduce, reopen it. Thanks. It just occurred here when installing from the KDE Live CD F12 beta i386. It happened once it was setting the permissions on the filesystem after copying the image over. Reopening. Did you get the same avc? Could you attach your /var/log/audit/audit.log? I can not see why the load_keys program would be trying to read the contents of the Documents directory under a users homedir. The bug reporting tool came up with this bug report as a duplicate, so I assume it is the same denial. This bug actually happened on a friend's machine while installing, I entered my information to report the bug so that it got reported. I'll get him CC'd to get more information. Blocking F12Blocker (KDE-SIG meeting). The impact of this bug isn't at all clear, from the descriptions above you get a denial but nothing seems to suggest this breaks anything. Could you explain more clearly what the problem is here? I do catch a reference to '"install to hd link on desktop lacking execute permission" problem' in the KDE meeting log, but that's a bit cryptic with no context. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers I would agree, in retrspect, that without knowing the impact here, it's premature to consider this a blocker. removing, until we have further data. it's obviously not nice from a polish perspective, but we're right down to the wire for f12 final (we basically have today and tomorrow to fix blockers) so i have a pretty high bar on new blocker issues right now :/ -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers The .desktop file lacking execute permission is a completely separate issue. Thanks for that clarification. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers I am allowing it in selinux-policy-3.6.32-41.fc12.noarch Just for polish reasons. But will remove from Rawhide after F12 ships, since I think this is covering up a bug. it may help the KDE folks fix it properly if you could provide a hint about what you think the bug is - I guess "I can not see why the load_keys program would be trying to read the contents of the Documents directory under a users homedir." ? -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle. Changing version to '13'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This looks like a duplicate of Bug 519709 for which an upstream fix has been committed. This will probably be fixed in the next release of livecd-tools. livecd-tools-034-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/livecd-tools-034-1.fc14 livecd-tools-034-2.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update livecd-tools'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/livecd-tools-034-2.fc14 livecd-tools-034-7.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/livecd-tools-034-7.fc14 livecd-tools-034-7.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update livecd-tools'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/livecd-tools-034-7.fc14 livecd-tools-034-7.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |