| Summary: | AVC: load-policy: install IPA Server | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jenny Severance <jgalipea> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.1 | CC: | dpal, dwalsh, mmalik, rcritten |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-06 10:07:20 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Since RHEL 6.1 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. This policy is in selinux-policy-3.7.19-82.el6.noarch verified version: selinux-policy-3.7.19-82.el6.noarch No AVCs detected :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: TEST PROTOCOL :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Test run ID : 1590505 :: [ LOG ] :: Package : ipa-server :: [ LOG ] :: Installed: : ipa-server-2.0.0-20.el6.x86_64 :: [ LOG ] :: Test started : 2011-04-07 18:20:22 EDT :: [ LOG ] :: Test finished : 2011-04-07 18:30:11 EDT :: [ LOG ] :: Test name : /CoreOS/ipa-server/acceptance/quickinstall :: [ LOG ] :: Distro: : Red Hat Enterprise Linux Server release 6.1 Beta (Santiago) :: [ LOG ] :: Hostname : hp-dl385g7-02.lab.eng.brq.redhat.com :: [ LOG ] :: Architecture : x86_64 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Test description :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: PURPOSE of /CoreOS/sssd/ipa-server/acceptance/quickinstall Description: Quick installation for ipa master slave and clieny Author: Jenny Galipeau <jgalipea> :: [ LOG ] :: hostname command: hp-dl385g7-02.lab.eng.brq.redhat.com :: [ LOG ] :: HOSTNAME: hp-dl385g7-02.lab.eng.brq.redhat.com :: [ LOG ] :: MASTER: hp-dl385g7-02.lab.eng.brq.redhat.com :: [ LOG ] :: SLAVE: :: [ LOG ] :: CLIENT: :: [ LOG ] :: ipa-server package is installed :: [ LOG ] :: ipa-client package is installed :: [ LOG ] :: ipa-admintools package is installed :: [ LOG ] :: bind package is installed :: [ LOG ] :: expect package is installed :: [ LOG ] :: krb5-workstation package is installed :: [ LOG ] :: bind-dyndb-ldap package is installed :: [ LOG ] :: ntpdate package is installed :: [ LOG ] :: krb5-pkinit-openssl package is installed :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Install IPA MASTER Server :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Stopping the ntp server :: [ PASS ] :: Synchronzing clock with valid time server :: [ LOG ] :: Ip address is 10.34.35.100 :: [ LOG ] :: Hosts file contains: :: [ LOG ] :: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 :: [ LOG ] :: ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 :: [ LOG ] :: 10.34.35.100 hp-dl385g7-02.testrelm hp-dl385g7-02.lab.eng.brq.redhat.com hp-dl385g7-02 :: [ PASS ] :: Set up /etc/hosts :: [ PASS ] :: Running 'hostname hp-dl385g7-02.testrelm' :: [ LOG ] :: /etc/sysconfig/network contains: :: [ LOG ] :: NETWORKING=yes :: [ LOG ] :: HOSTNAME=hp-dl385g7-02.testrelm :: [ PASS ] :: Fix hostname :: [ LOG ] :: EXECUTING: ipa-server-install --setup-dns --forwarder=10.14.63.12 --hostname=hp-dl385g7-02.testrelm -r TESTRELM -n testrelm -p Secret123 -P Secret123 -a Secret123 -U :: [ PASS ] :: Installing IPA Server :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Testing kinit as admin :: [ LOG ] :: Duration: 9m 41s :: [ LOG ] :: Assertions: 7 good, 0 bad :: [ PASS ] :: RESULT: Install IPA MASTER Server Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1511.html |
Description of problem: Info: Searching AVC errors produced since 1302090962.69 (Wed Apr 6 07:56:02 2011) Searching logs... Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 04/06/2011 07:56:02 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.VHf9e0 2>&1' <no matches> Info: No AVC messages found. /bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log Following messages were found in dmesg: type=1400 audit(1302091237.808:7): avc: denied { read } for pid=6160 comm="load_policy" path=2F746D702F73682D7468642D31333032303832393633202864656C6574656429 dev=dm-0 ino=917529 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file Running '/usr/sbin/sestatus' SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted Running 'rpm -q selinux-policy || true' selinux-policy-3.7.19-80.el6.noarch Version-Release number of selected component (if applicable): selinux-policy-3.7.19-80.el6.noarch ipa-server.x86_64 0:2.0.0-18.el6 How reproducible: always Steps to Reproduce: 1. Install IPA Server 2. 3. Actual results: see description Expected results: no selinux AVCs Additional info: