Bug 788261
Summary: | SELinux is preventing /usr/sbin/usermod from 'read' accesses on the None /var/spool/mail/speed. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Stéphane Lesimple <speed47_redhat> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | dominick.grift, dwalsh, mgrepl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:baec9855537496820794f5924188bc32d936003535d092aa3c9da840763e4b8f | ||
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2012-02-09 08:39:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | ||
Description
Stéphane Lesimple
2012-02-07 22:08:07 UTC
The context is this:

```
# usermod -u 1234 username
```

This changes the UID of username to 1234, and applies a subset of fixes to the filesystem. Among those fixes, it tries to chown the /var/spool/mail/username file, which SELinux denies to `usermod`... where it shouldn't be, as `usermod` is definitely legitimate in this action here.

Stephane could you run

```
restorecon -R -v /var/spool/mail
```

This looks like the content here is mislabeled. Did you turn on quota on the mail system?

The install was one-day fresh (complete reinstall after an SSD crash), the `usermod` was one of my first commands, almost nothing was tweaked before it.

```
[root@mercure ~]# ls -Z /var/spool/mail/
-rw-rw----. joe mail unconfined_u:object_r:mail_spool_t:s0 joe
-rw-rw----. rpc mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----. speed mail system_u:object_r:quota_db_t:s0 speed
[root@mercure ~]# restorecon -R -v /var/spool/mail/
restorecon reset /var/spool/mail/speed context system_u:object_r:quota_db_t:s0->system_u:object_r:mail_spool_t:s0
[root@mercure ~]# ls -Z /var/spool/mail/
-rw-rw----. joe mail unconfined_u:object_r:mail_spool_t:s0 joe
-rw-rw----. rpc mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----. speed mail system_u:object_r:mail_spool_t:s0 speed
```

You're right, it was mislabeled, and it was even a quota_db_t! ... But I don't remember enabling anything related to quota during the install, or even after it. Am I missing something here?

*** This bug has been marked as a duplicate of bug 785759 ***
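Added example, not part of the bug report: a small shell function that scans `ls -Z` output like the listing in this report and prints every entry whose SELinux type differs from the expected one (here `mail_spool_t`). The helper name `find_mislabeled` is hypothetical, the embedded sample is the pre-`restorecon` listing from the report, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the bug report: flag entries in `ls -Z` output
# whose SELinux type differs from the expected one.

# SAMPLE is the first listing from this report (before restorecon was run).
SAMPLE='-rw-rw----. joe mail unconfined_u:object_r:mail_spool_t:s0 joe
-rw-rw----. rpc mail system_u:object_r:mail_spool_t:s0 rpc
-rw-rw----. speed mail system_u:object_r:quota_db_t:s0 speed'

# find_mislabeled EXPECTED_TYPE   (hypothetical helper; reads `ls -Z` lines on stdin)
# Prints "<name> <actual type>" per mismatch and returns 1 if any was found.
# Assumes file names without whitespace, as in the listing above.
find_mislabeled() {
    awk -v want="$1" '
        NF == 0 || $1 == "total" { next }      # skip blank and "total N" lines
        {
            ctx = ""
            # Find the user:role:type:level field wherever it sits, so both
            # "perms user group context name" and "context name" layouts work.
            # The last field is the file name and is never treated as a context.
            for (i = 1; i < NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+:[^:]+/) { ctx = $i; break }
            if (ctx == "") {                   # "?" or missing context
                print $NF, "unlabeled"; bad = 1; next
            }
            split(ctx, part, ":")              # part[3] is the type
            if (part[3] != want) { print $NF, part[3]; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Stand-alone run over the sample: prints the one mislabeled entry.
printf '%s\n' "$SAMPLE" | find_mislabeled mail_spool_t || true
```

On a live system, pipe `ls -Z /var/spool/mail/` into the function; `restorecon -n -v` on the same directory reports what would be relabeled without changing anything.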