| Summary: | Asterisk-dahdi will not install or update in enforcing mode | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Bruno Wolff III <bruno> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | bruno, dominick.grift, dwalsh, itamar, jeff, mgrepl, rbryant |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-10-11 12:53:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Assigning to the selinux folks... Was there a change in the selinux policy that prevents package installs from running usermod? Here's the relevant command from the spec:
%pre dahdi
%{_sbindir}/usermod -a -G dahdi asterisk
Note that this is likely to affect the asterisk-misdn subpackage as well.
Yes I will add this access back. We are experimenting with a label for /etc/passwd, not sure if the same label should be added for /etc/group. Jeffrey if you chcon -t passwd_file_t /etc/group Does the package install succeed? /etc/group seems to be labelled as passwd_file_t in rawhide now. I tested erasing and reinstalling asterisk-dahdi and it worked. So it looks like it is fixed now. |
Description of problem: Error in PREIN scriptlet in rpm package asterisk-dahdi-10.0.0-0.2.beta2.fc17.i686 error: %pre(asterisk-dahdi-10.0.0-0.2.beta2.fc17.i686) scriptlet failed, exit status 10 I can install if I use setenforce 0 first. This appears to be the avc: Oct 4 15:53:01 bruno kernel: [161187.552484] type=1400 audit(1317761581.457:521): avc: denied { write } for pid=5326 comm="usermod" name="group" dev=dm-1 ino=271858 scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file Note that if I run the usermod command as root from a shell it seems to work. Version-Release number of selected component (if applicable): asterisk-dahdi-10.0.0-0.2.beta2.fc17.i686 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: