Bug 590677
Field | Value
---|---
Summary: | Permission denied when setting a disable_user_list
Product: | Red Hat Enterprise Linux 6
Component: | selinux-policy
Status: | CLOSED CURRENTRELEASE
Severity: | medium
Priority: | low
Version: | 6.0
Target Milestone: | rc
Hardware: | All
OS: | Linux
Fixed In Version: | selinux-policy-3.7.19-15.el6
Doc Type: | Bug Fix
Last Closed: | 2010-07-02 19:51:32 UTC
Reporter: | Tomas Pelka <tpelka>
Assignee: | Daniel Walsh <dwalsh>
QA Contact: | Milos Malik <mmalik>
CC: | mmalik

Description
Tomas Pelka
2010-05-10 13:17:02 UTC
1) does booting with enforcing=0 in grub.conf on the kernel command line "fix" this?

2) is /home nfs mounted?

(In reply to comment #2)
> 1) does booting with enforcing=0 in grub.conf on the kernel command line "fix" this?

Seems yes, no more error.

> 2) is /home nfs mounted?

No it is local.

Alright, probably just a hole in the selinux policy since this feature isn't used much. Reassigning...

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.

Tomas do you have any AVC messages?

Fixed in selinux-policy-3.7.19-15.fc13.noarch

(In reply to comment #6)
> Tomas do you have any AVC messages?

If you still need AVC, here it is:

```
type=USER_AUTH msg=audit(1273562104.807:67): user pid=4317 uid=501 auid=501 ses=1 subj=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/libexec/polkit-1/polkit-agent-helper-1" hostname=? addr=? terminal=? res=success'
type=USER_ACCT msg=audit(1273562104.809:68): user pid=4317 uid=501 auid=501 ses=1 subj=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/libexec/polkit-1/polkit-agent-helper-1" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1273562104.817:69): avc: denied { search } for pid=4316 comm="gconf-defaults-" name="tpelka" dev=sda6 ino=6832129 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=user_u:object_r:samba_share_t:s0 tclass=dir
type=SYSCALL msg=audit(1273562104.817:69): arch=c000003e syscall=4 success=no exit=-13 a0=260f700 a1=7fffaa995bf0 a2=7fffaa995bf0 a3=1 items=0 ppid=1 pid=4316 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gconf-defaults-" exe="/usr/libexec/gconf-defaults-mechanism" subj=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1273562104.817:70): avc: denied { search } for pid=4316 comm="gconf-defaults-" name="tpelka" dev=sda6 ino=6832129 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 tcontext=user_u:object_r:samba_share_t:s0 tclass=dir
type=SYSCALL msg=audit(1273562104.817:70): arch=c000003e syscall=83 success=no exit=-13 a0=260f700 a1=1c0 a2=ffffffffffffffa8 a3=7fffaa995950 items=0 ppid=1 pid=4316 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gconf-defaults-" exe="/usr/libexec/gconf-defaults-mechanism" subj=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 key=(null)
```

Created attachment 413055
audit.log
Because of wrong format of AVC (only cut&paste) attaching an audit log with message mentioned in c8.

Tomas this looks like you have set the label samba_share_t in your homedir? If you want to share your homedir via samba you need to turn on the boolean samba_enable_home_dirs, not set the context of the home dir to samba_share_t.

Confirmed, fixfiles restore / fixes this issue.

Red Hat Enterprise Linux Beta 2 is now available and should resolve the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.
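
An added example, not part of the original report: a small Python parser that splits audit records pasted onto a single line, as happened in the comment above, and summarizes each AVC denial by source domain, target type and object class, which is the view that exposes the samba_share_t label on the home directory. The function names are this example's own, and the sample input is two records taken from this report with the SYSCALL record shortened.

```python
import re

# Two records from this report's audit excerpt (SYSCALL shortened), run
# together on one line the way they were pasted into the comment.
PASTED = (
    'type=AVC msg=audit(1273562104.817:69): avc: denied { search } for pid=4316 '
    'comm="gconf-defaults-" name="tpelka" dev=sda6 ino=6832129 '
    'scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 '
    'tcontext=user_u:object_r:samba_share_t:s0 tclass=dir '
    'type=SYSCALL msg=audit(1273562104.817:69): arch=c000003e syscall=4 '
    'success=no exit=-13 pid=4316 comm="gconf-defaults-" '
    'exe="/usr/libexec/gconf-defaults-mechanism" '
    'subj=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 key=(null)'
)

RECORD = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
AVC = re.compile(r'avc:\s+denied\s+\{\s*([^}]*)\}\s+for .*?'
                 r'scontext=(\S+) tcontext=(\S+) tclass=(\w+)')

def split_records(text):
    """Yield (type, serial, body) even when records share one line."""
    marks = list(RECORD.finditer(text))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        yield m.group(1), int(m.group(3)), text[m.end():end].strip()

def denials(text):
    """Group records by audit serial and summarize each AVC denial."""
    events = {}
    for rtype, serial, body in split_records(text):
        events.setdefault(serial, {})[rtype] = body
    out = []
    for serial, recs in sorted(events.items()):
        m = AVC.search(recs.get('AVC', ''))
        if not m:
            continue
        name = re.search(r' name="([^"]*)"', recs['AVC'])
        exe = re.search(r' exe="([^"]*)"', recs.get('SYSCALL', ''))
        out.append({
            'serial': serial,
            'perms': m.group(1).split(),
            'source_type': m.group(2).split(':')[2],
            'target_type': m.group(3).split(':')[2],
            'tclass': m.group(4),
            'name': name.group(1) if name else None,
            'exe': exe.group(1) if exe else None,
        })
    return out
```
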