Bug 618543
| Summary: | the dialogue "System policy prevents write access to" is missing information | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Karel Volný <kvolny> |
| Component: | PolicyKit-kde | Assignee: | Orphan Owner <extras-orphan> |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 13 | CC: | extras-orphan, jreznik, kevin, ltinkl, rdieter, rnovacek, smparrish |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-06-29 12:55:30 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Karel Volný
2010-07-27 08:40:56 UTC
(In reply to comment #0) > Description of problem: > I got some security alert about mislabeled file. After clicking "Restore > Context", a dialogue asking for password appeared ... > > It says: > > System policy prevents write access to SETroubleshoot > > An application is attempting to perform an action that requires privileges. > Authentication is required to perform this action. > > Password: ... > > > Oh well, what privileges are required? Which password I'm supposed to enter, > the root password? - This is indeed bug - there should be "Password for root" if root password is required. >But I don't think that root is needed for this particular > action ... This is not a polkit-kde bug - it's set in setroubleshoot policy file /usr/share/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy - auth_admin is required. > So that I've clicked Details to get some details ... Now I see three additional > lines: > > Application: > Action: SELinux write access > Vendor: Red Hat Inc. Application should be set. > Oh, nice ... still no information what privileges, which password is asked for. > And my question is still unanswered, what exact action is going to be > performed, to see if it really needs root. The text "SELinux write access" > looks like a hyperlink, but clicking it does nothing. (Clicking Red Hat Inc. > opens Red Hat homepage in Konqueror.) This is again not a polkit-kde problem - it just displays what the application provides. > And why the "Application" item is empty? - I'd expect something like > "/usr/bin/sealert" or maybe "/usr/bin/chcon" ... > > > Version-Release number of selected component (if applicable): > polkit-kde-0.95.1-4.fc13.x86_64 > > How reproducible: > always > > Steps to Reproduce: > 1. mislabel some file in your home, let setroubleshoot notice > 2. open the sealert window > 3. click Restore Context > > Actual results: > you get some slack phishing attempt for your passwords, see the description > above > > Expected results: > a dialogue clearly explaining WHAT is asked and WHY > including which exact command (action) caused the need for authentication > > Additional info: (In reply to comment #1) > Application should be set. Actually that is again bug in polkit. It should send application name to the authentication client (dialog) but it doesn't. Polkit-kde doesn't have any link to the application - it depends only on information that polkit provides. polkit-kde-0.95.1-6.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/polkit-kde-0.95.1-6.fc13 polkit-kde-0.95.1-6.fc14 has been submitted as an update for Fedora 14. http://admin.fedoraproject.org/updates/polkit-kde-0.95.1-6.fc14 polkit-kde-0.95.1-6.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/polkit-kde-0.95.1-6.fc12 The above mention update to version polkit-kde-0.95.1-6 fixes showing "Password for root" if root is authenticating. polkit-kde-0.95.1-6.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. polkit-kde-0.95.1-6.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. polkit-kde-0.95.1-6.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. (In reply to comment #6) > The above mention update to version polkit-kde-0.95.1-6 fixes showing "Password > for root" if root is authenticating. I can confirm ... but what about the remaining issues? (In reply to comment #2) > (In reply to comment #1) > > Application should be set. > Actually that is again bug in polkit. It should send application name to the > authentication client (dialog) but it doesn't. Polkit-kde doesn't have any link > to the application - it depends only on information that polkit provides. is that a *known* bug? - what is the bz number then? (In reply to comment #1) > (In reply to comment #0) ... > >But I don't think that root is needed for this particular > > action ... > > This is not a polkit-kde bug - it's set in setroubleshoot policy file > /usr/share/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy - > auth_admin is required. so, another bug/RFE should be filed ... to be honest, I'm not sure what is this all about - I have a suspicion that for running restorecon without root privileges, polkit doesn't need to be involved at all? This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Fedora 13 changed to end-of-life (EOL) status on 2011-06-25. Fedora 13 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed. |