Bug 836980
| Summary: | stap-server fails to install | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Cermak <mcermak> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Milos Malik <mmalik> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.0 | CC: | mgrepl, mmalik, pfrields |
| Target Milestone: | beta | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-07-17 08:02:12 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 828606 | ||
| Bug Blocks: | |||
type=AVC msg=audit(1342205570.209:367): avc: denied { write } for pid=11210 comm="useradd" name="lib" dev="dm-1" ino=28 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
This happens when the %preinstall script tries to create the /var/lib/stap-server. Reassigning to selinux-policy to insure this is kosher and if so fix policy.
Why is useradd trying to write to /var/lib directory, is this where the user exists? Yes, the stap-server rpm script runs useradd to create stapuser with /var/lib/stapserver as homedir. We have stapserver policy in rawhide. *** This bug has been marked as a duplicate of bug 828606 *** |
Description of problem: # yum install systemtap-server Loaded plugins: langpacks, product-id, security, subscription-manager Updating certificate-based repositories. Unable to read consumer identity Resolving Dependencies --> Running transaction check ---> Package systemtap-server.s390x 0:1.8-1.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================== Installing: systemtap-server s390x 1.8-1.el7 rhel7 165 k Transaction Summary ================================================================================================================================== Install 1 Package Total download size: 165 k Installed size: 656 k Is this ok [y/N]: y Downloading Packages: systemtap-server-1.8-1.el7.s390x.rpm | 165 kB 00:00 Running Transaction Check Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. Installing : systemtap-server-1.8-1.el7.s390x 1/1 warning: user stap-server does not exist - using root runuser: user stap-server does not exist Could not open certificate file ~stap-server/.systemtap/ssl/server/stap.cert for reading No such file or directory Unable to authorize certificate Could not open certificate file ~stap-server/.systemtap/ssl/server/stap.cert for reading No such file or directory Unable to authorize certificate Installed products updated. Verifying : systemtap-server-1.8-1.el7.s390x 1/1 Installed: systemtap-server.s390x 0:1.8-1.el7 Complete! Version-Release number of selected component (if applicable): systemtap-server-1.8-1.el7.s390x How reproducible: Always Additional info: Observed also on x86_64. Due to this, the server can't start: # service stap-server start Starting stap-server -a "x86_64" -r "3.3.0-0.15.el7.x86_64" -u "stap-server" --log "/var/log/stap-server/log" runuser: user stap-server does not exist [FAILED]