Bug 636359
| Summary: | SELinux is preventing /usr/bin/c2s "read" access on /etc/selinux/targeted/contexts/files/file_contexts. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Frank Ybanez <fybanez> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 13 | CC: | dwalsh, jpazdziora, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | setroubleshoot_trace_hash:f690a61f4424d52f0ea0d18f91fb81e06171574c50937645810e8cd53ef16346 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-05-31 13:01:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Frank Ybanez
2010-09-22 00:19:42 UTC
*** Bug 636358 has been marked as a duplicate of this bug. *** *** Bug 636360 has been marked as a duplicate of this bug. *** *** Bug 636361 has been marked as a duplicate of this bug. *** *** Bug 636364 has been marked as a duplicate of this bug. *** *** Bug 636362 has been marked as a duplicate of this bug. *** Miroslav, why is jabberd trying to read the file_context file? We have 'kerberos_use(jabberd_router_t)' for router component of the jabberd system. Looks like also c2s component needs to use kerberos. Ok, update the policy. Ok, easy fix is
allow jabberd_domain self:netlink_route_socket r_netlink_socket_perms;
optional_policy(`
kerberos_use(jabberd_domain)
')
But I don't think so other jabberd component needs to use kerberos.
I added some additional changes for jabberd policy. Frank, could you test the selinux-policy scratch build with these changes available from http://koji.fedoraproject.org/koji/taskinfo?taskID=2483388 Thanks. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |