Bug 684451
Summary: | SELinux is preventing /usr/kerberos/sbin/login.krb5 from read, write access on the file krb5cc_p32165. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Russell King <rmk> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 14 | CC: | dwalsh, mgrepl, nalin, ssorce |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:f7152ffcf5a5f193f151dd4a323f9d6c0c6714a21b5eaa2977f03629b888e5a4 | ||
Fixed In Version: | selinux-policy-3.9.7-37.fc14 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-03-22 18:52:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Russell King
2011-03-12 17:40:57 UTC
Did the credential cache file get created? Strange that we do not see an open or create avc here? Upon logging in as 'rmk': rmk@flint:[~]:<1045> kinit -f Password for rmk.ORG.UK: rmk@flint:[~]:<1046> krsh -f rmk-PC This rlogin session is encrypting all data transmissions. Last login: Tue Mar 15 08:45:06 from brick rmk@rmk-PC:[~]:<755> echo $KRB5CCNAME FILE:/tmp/krb5cc_p11867 rmk@rmk-PC:[~]:<756> vdir /tmp/krb5cc_p11867 -rw-------. 1 root root 485 Mar 15 21:05 /tmp/krb5cc_p11867 So yes, it is created, but with root permissions. This means that the cache can't be used: rmk@rmk-PC:[~]:<758> kinit -R kinit: Credentials cache permissions incorrect while renewing credentials rmk@rmk-PC:[~]:<759> krsh -f flint rmk@rmk-PC:[~]:<760> krlogin flint and kerberos utilities silently fail. Miroslav can you add userdom_rw_user_tmp_files(remote_login_t) Fixed in selinux-policy-3.9.7-34.fc14 selinux-policy-3.9.7-34.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-34.fc14 selinux-policy-3.9.7-37.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-37.fc14 selinux-policy-3.9.7-37.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |