Bug 748730

Summary:	updatedb fails because of missing slocate group (not created as expected)
Product:	[Fedora] Fedora	Reporter:	Jaromír Cápík <jcapik>
Component:	selinux-policy	Assignee:	Miroslav Grepl <mgrepl>
Status:	CLOSED NOTABUG	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	rawhide	CC:	dominick.grift, dwalsh, mgrepl, mitr, ovasik, ppisar
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-10-25 12:56:22 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Jaromír Cápík 2011-10-25 08:09:12 UTC

Description of problem:
Even if the slocate group is supposed to be created in the %pre phase, this fails for some reason. 
The following terminal log shows 2 warnings, that slocate group doesn't exist (using root instead) and then the updatedb command fails.

[root@XXX]# yum install mlocate
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mlocate.x86_64 0:0.24-1.fc16 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================
 Package       Arch         Version           Repository     Size
==================================================================
Installing:
 mlocate       x86_64       0.24-1.fc16       rawhide       108 k

Transaction Summary
==================================================================
Install  1 Package

Total download size: 108 k
Installed size: 424 k
Is this ok [y/N]: y
Downloading Packages:
mlocate-0.24-1.fc16.x86_64.rpm             | 108 kB     00:00     
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : mlocate-0.24-1.fc16.x86_64                     1/1 
warning: group slocate does not exist - using root
warning: group slocate does not exist - using root
  Verifying  : mlocate                                        1/1 

Installed:
  mlocate.x86_64 0:0.24-1.fc16                                    

Complete!
[root@XXX]# updatedb
updatedb: can not find group `slocate'
[root@XXX]#

Comment 1 Jaromír Cápík 2011-10-25 08:44:29 UTC

We just discovered, that groupadd fails with code 10: can't update group file ... but that happens only when installing the mlocate package. When I enter the same command in terminal, it works ...

Comment 2 Petr Pisar 2011-10-25 08:48:38 UTC

/var/log/secure:
Oct 25 10:45:23 fedora-17 groupadd[1671]: cannot open /etc/group
Oct 25 10:45:23 fedora-17 groupadd[1671]: failed to add group slocate

/var/log/messages:
Oct 25 10:45:23 fedora-17 kernel: [ 1549.699743] type=1400 audit(1319532323.054:12389): avc:  denied  { write } for  pid=1671 comm="groupadd" name="group" dev=dm-0 ino=143763 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file

This is SELinux policy problem (selinux-policy-3.10.0-46.1.fc17.noarch), reassigning.

Comment 3 Daniel Walsh 2011-10-25 12:56:22 UTC

Petr,

restorecon -R -v /etc/group

Should fix the problem.

Comment 4 Petr Pisar 2011-10-25 14:41:15 UTC

You are right, the file has been mislabeled for unknown reason.

Comment 5 Petr Pisar 2011-10-25 14:44:41 UTC

When is performed relabeling after upgrading policy? I did not reboot after upgrading the policy, so subsequent `yum install mlocate' hit the file with old label. (I see my F15 has etc_t on /etc/group.) Could this be the reason for mislabeled files?

Comment 6 Daniel Walsh 2011-10-25 14:51:44 UTC

Yes we are experimenting in F17 with labeling /etc/group and /etc/passwd.  So there could have been a failure on the update to relabel these files.