Bug 953286
| Summary: | SELinux causes 'realm join' to fail | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Patrik Kis <pkis> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 19 | CC: | dominick.grift, dspurek, dwalsh, jhrozek, mgrepl, stefw, tbabej, yaneti, yelley |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-05-13 15:17:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 918092 | ||
|
Description
Patrik Kis
2013-04-17 20:39:25 UTC
Can you reproduce by running the exact ipa-client-install command included in the verbose output: LANG=C /usr/sbin/ipa-client-install --domain skynet.com --realm SKYNET.COM --principal admin -W --mkhomedir --no-ntp --enable-dns-updates --unattended Obviously, if not 100% reproducible you would need to try repeatedly to get the failure to happen here. Could you also try running the following as root in a second terminal: # killall realmd # /usr/lib64/realmd/realmd That will let us know if it really is a SELinux issue or not (or something to do with the context in which dbus normally spawns realmd). Since SELinux hides some of its AVC's selinux-policy should not be a problem. We have realmd_t as unconfined now. You can re-test it in permissive mode to be sur. *** Bug 953537 has been marked as a duplicate of this bug. *** Bug 953537 has backtraces and so on. Miroslav, I can pretty much confirm that this is SELinux related. We've only ever seen this on the i686 platform. I tried hard to duplicate this SELinux is permissive, doing the join/leave about 8 or 9 times in a row. Right after a 'setenforce 1' and doing the join again, the failure occurs. * There is no other output in /var/log/messages related to the failure. * There is no AVC related to the failure. This is on a system that was F18 updated to F19. Was that also the same for you Patrik? Output of restore con does not seem related: # restorecon -R -v -n / restorecon reset /var/gdm context system_u:object_r:auth_cache_t:s0->system_u:object_r:xserver_log_t:s0 restorecon reset /home/stef/.cache/mozilla context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/startupCache context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/startupCache/startupCache.4.little context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/test-malware-simple.cache context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/test-malware-simple.pset context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/goog-phish-shavar.cache context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/test-phish-simple.sbstore context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/goog-malware-shavar.pset context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/goog-malware-shavar.cache context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/test-phish-simple.cache context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/goog-phish-shavar.sbstore context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/goog-phish-shavar.pset context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/test-phish-simple.pset context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/classifier.hashkey context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/test-malware-simple.sbstore context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/safebrowsing/goog-malware-shavar.sbstore context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/_CACHE_CLEAN_ context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/thumbnails context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/thumbnails/522080098835c56e045ab53b0cfc3385.png context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/thumbnails/be454687f7b5cb730bf79cc8dc1db9fe.png context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/_CACHE_002_ context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/B context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/6 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/_CACHE_001_ context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/3 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/7 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/5 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/9 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/_CACHE_MAP_ context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/4 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/1 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/E context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/8 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/8/40 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/8/40/55BCCd01 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/_CACHE_003_ context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/F context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/F/67 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/F/67/8B3FBd01 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/0 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/0/78 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/0/78/07056d01 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/C context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/A context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/A/20 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/A/20/9FC6Fd01 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/D context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/D/78 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/D/78/A016Fd01 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /home/stef/.cache/mozilla/firefox/zahujn0e.default/Cache/2 context unconfined_u:object_r:mozilla_home_t:s0->unconfined_u:object_r:cache_home_t:s0 restorecon reset /etc/udev/hwdb.bin context unconfined_u:object_r:net_conf_t:s0->unconfined_u:object_r:etc_t:s0 David has also seen this issue. realm join pass in permissive mode for me, fails in enforcing, but 'ausearch -m avc -ts recent' shows me nothing There are lots of Dontaudit hidden AVCs: [stef@localhost ~]$ sudo yum install setools-console [sudo] password for stef: ... [stef@localhost ~]$ sudo seinfo --stats | grep audit Auditallow: 122 Dontaudit: 7191 Saw a similar error with 'realm leave': [stef@localhost ~]$ realm leave --verbose * LANG=C /usr/sbin/ipa-client-install --uninstall --unattended Unenrolling client from IPA server Unenrolling host failed: Error obtaining initial credentials: Key table entry not found. Removing Kerberos service principals from /etc/krb5.keytab Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r IPA.THEWALTER.LAN' returned non-zero exit status 5 Disabling client Kerberos and LDAP configurations Failed to remove krb5/LDAP configuration: [Errno 13] Permission denied ! Running ipa-client-install failed realm: Couldn't leave realm: Running ipa-client-install failed I tried semodule --disable_dontaudit --build, then run realm join again
enforcing mode, now ausearch shows me this avc messages:
----
time->Thu Apr 18 14:40:49 2013
type=SYSCALL msg=audit(1366288849.577:875): arch=c000003e syscall=59 success=yes exit=0 a0=115d7e0 a1=115d6e0 a2=115c010 a3=0 items=0 ppid=9615 pid=9616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="setroubleshootd" exe="/usr/bin/python2.7" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1366288849.577:875): avc: denied { noatsecure } for pid=9616 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1366288849.577:875): avc: denied { siginh } for pid=9616 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1366288849.577:875): avc: denied { rlimitinh } for pid=9616 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:40:49 2013
type=SYSCALL msg=audit(1366288849.511:874): arch=c000003e syscall=59 success=yes exit=0 a0=18d3630 a1=18d2700 a2=18d2010 a3=0 items=0 ppid=9613 pid=9614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="realmd" exe="/usr/lib64/realmd/realmd" subj=system_u:system_r:realmd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1366288849.511:874): avc: denied { noatsecure } for pid=9614 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1366288849.511:874): avc: denied { siginh } for pid=9614 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1366288849.511:874): avc: denied { rlimitinh } for pid=9614 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:40:54 2013
type=SYSCALL msg=audit(1366288854.939:876): arch=c000003e syscall=2 success=no exit=-13 a0=3f6c6d0 a1=2 a2=0 a3=1 items=0 ppid=9615 pid=9616 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="setroubleshootd" exe="/usr/bin/python2.7" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1366288854.939:876): avc: denied { write } for pid=9616 comm="setroubleshootd" name="__db.001" dev="dm-1" ino=274470 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file
----
time->Thu Apr 18 14:41:46 2013
type=SYSCALL msg=audit(1366288906.166:885): arch=c000003e syscall=2 success=no exit=-13 a0=19e7890 a1=2 a2=0 a3=0 items=0 ppid=9690 pid=9691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="abrt-action-sav" exe="/usr/bin/abrt-action-save-package-data" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1366288906.166:885): avc: denied { write } for pid=9691 comm="abrt-action-sav" name="__db.001" dev="dm-1" ino=274470 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file
----
time->Thu Apr 18 14:41:46 2013
type=SYSCALL msg=audit(1366288906.179:886): arch=c000003e syscall=2 success=no exit=-13 a0=1a32000 a1=2 a2=0 a3=3 items=0 ppid=9690 pid=9691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="abrt-action-sav" exe="/usr/bin/abrt-action-save-package-data" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1366288906.179:886): avc: denied { write } for pid=9691 comm="abrt-action-sav" name="__db.001" dev="dm-1" ino=274470 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file
Same here, with dontaudit disabled. This is all with selinux-policy-3.12.1-32
time->Thu Apr 18 14:40:18 2013
type=AVC msg=audit(1366288818.174:2481): avc: denied { siginh } for pid=29537 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:40:18 2013
type=AVC msg=audit(1366288818.174:2480): avc: denied { rlimitinh } for pid=29537 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:40:18 2013
type=AVC msg=audit(1366288818.198:2482): avc: denied { noatsecure } for pid=29537 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:41:40 2013
type=AVC msg=audit(1366288900.738:2498): avc: denied { siginh } for pid=29624 comm="nm-dispatcher.a" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=process
----
time->Thu Apr 18 14:41:40 2013
type=AVC msg=audit(1366288900.738:2497): avc: denied { rlimitinh } for pid=29624 comm="nm-dispatcher.a" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=process
----
time->Thu Apr 18 14:41:40 2013
type=AVC msg=audit(1366288900.750:2499): avc: denied { noatsecure } for pid=29624 comm="nm-dispatcher.a" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=process
----
time->Thu Apr 18 14:42:26 2013
type=AVC msg=audit(1366288946.659:2507): avc: denied { siginh } for pid=29650 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:42:26 2013
type=AVC msg=audit(1366288946.659:2506): avc: denied { rlimitinh } for pid=29650 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:42:26 2013
type=AVC msg=audit(1366288946.685:2508): avc: denied { noatsecure } for pid=29650 comm="realmd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:44:52 2013
type=AVC msg=audit(1366289092.738:2592): avc: denied { write } for pid=29800 comm="abrt-action-sav" name="__db.001" dev="sda3" ino=3989 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file
----
time->Thu Apr 18 14:44:52 2013
type=AVC msg=audit(1366289092.795:2593): avc: denied { write } for pid=29800 comm="abrt-action-sav" name="__db.001" dev="sda3" ino=3989 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file
----
time->Thu Apr 18 14:45:24 2013
type=AVC msg=audit(1366289124.246:2602): avc: denied { rlimitinh } for pid=29838 comm="packagekitd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:45:24 2013
type=AVC msg=audit(1366289124.246:2603): avc: denied { siginh } for pid=29838 comm="packagekitd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:45:24 2013
type=AVC msg=audit(1366289124.292:2606): avc: denied { noatsecure } for pid=29838 comm="packagekitd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:45:41 2013
type=AVC msg=audit(1366289141.240:2610): avc: denied { rlimitinh } for pid=29847 comm="packagekitd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:45:41 2013
type=AVC msg=audit(1366289141.240:2611): avc: denied { siginh } for pid=29847 comm="packagekitd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=process
----
time->Thu Apr 18 14:45:41 2013
type=AVC msg=audit(1366289141.269:2612): avc: denied { noatsecure } for pid=29847 comm="packagekitd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=process
(In reply to comment #11) > Saw a similar error with 'realm leave': > > [stef@localhost ~]$ realm leave --verbose > * LANG=C /usr/sbin/ipa-client-install --uninstall --unattended > Unenrolling client from IPA server > Unenrolling host failed: Error obtaining initial credentials: Key table > entry not found. > > Removing Kerberos service principals from /etc/krb5.keytab > Failed to remove Kerberos service principals: Command > '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r IPA.THEWALTER.LAN' returned > non-zero exit status 5 > Disabling client Kerberos and LDAP configurations > Failed to remove krb5/LDAP configuration: [Errno 13] Permission denied > ! Running ipa-client-install failed > realm: Couldn't leave realm: Running ipa-client-install failed I see this problem too, leave fails in enforcign again, but in permissive works. Weird non of those seem related. Any thing in /var/log/messages Also # ausearch -m user_avc (In reply to comment #15) > Any thing in /var/log/messages Not that I can tell. Here is an entire block of /var/log/messages surrounding a 'realm join' that fails. The GDM JS ERRORs have been filed elsewhere: pr 18 14:43:00 localhost dbus-daemon[255]: dbus[255]: avc: received setenforce notice (enforcing=1) Apr 18 14:43:00 localhost dbus-daemon[255]: dbus[255]: [system] Reloaded configuration Apr 18 14:43:52 localhost realmd[29650]: * Searching for kerberos SRV records for domain: _kerberos._udp.ipa.thewalter.lan Apr 18 14:43:52 localhost realmd[29650]: * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.ipa.thewalter.lan Apr 18 14:43:52 localhost realmd[29650]: * dc.ipa.thewalter.lan:88 Apr 18 14:43:52 localhost realmd[29650]: * Trying to retrieve IPA certificate from dc.ipa.thewalter.lan Apr 18 14:43:52 localhost realmd[29650]: * Retrieved IPA CA certificate verifies the HTTPS connection Apr 18 14:43:52 localhost realmd[29650]: ! Couldn't discover IPA KDC Apr 18 14:43:52 localhost realmd[29650]: * Found kerberos DNS records for: ipa.thewalter.lan Apr 18 14:43:52 localhost realmd[29650]: * Found IPA style certificate for: ipa.thewalter.lan Apr 18 14:43:52 localhost realmd[29650]: * Successfully discovered: ipa.thewalter.lan Apr 18 14:43:56 localhost dbus-daemon[255]: dbus[255]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service' Apr 18 14:43:56 localhost dbus[255]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service' Apr 18 14:43:56 localhost systemd[1]: Expecting device dev-disk-by\x2duuid-89146d09\x2d02a4\x2d49b7\x2da7b2\x2dc25527c4a64a.device... Apr 18 14:43:56 localhost systemd[1]: Starting Fingerprint Authentication Daemon... Apr 18 14:43:56 localhost dbus-daemon[255]: dbus[255]: [system] Successfully activated service 'net.reactivated.Fprint' Apr 18 14:43:56 localhost dbus[255]: [system] Successfully activated service 'net.reactivated.Fprint' Apr 18 14:43:56 localhost systemd[1]: Started Fingerprint Authentication Daemon. Apr 18 14:43:56 localhost fprintd[29742]: Launching FprintObject Apr 18 14:43:56 localhost fprintd[29742]: ** Message: D-Bus service launched with name: net.reactivated.Fprint Apr 18 14:43:56 localhost fprintd[29742]: ** Message: entering main loop Apr 18 14:43:59 localhost /etc/gdm/Xsession[1095]: Window manager warning: Log level 16: GChildWatchSource: Exit status of a child process was requested but ECHILD was received by waitpid(). Most likely the process is ignoring SIGCHLD, or some other thread is invoking waitpid() with a nonpositive first argument; either behavior can break applications that use g_child_watch_add()/g_spawn_sync() either directly or indirectly. Apr 18 14:43:59 localhost realmd[29650]: * Required files: /usr/sbin/ipa-client-install, /usr/sbin/sss_cache, /usr/sbin/sssd Apr 18 14:44:00 localhost realmd[29650]: * LANG=C /usr/sbin/ipa-client-install --domain ipa.thewalter.lan --realm IPA.THEWALTER.LAN --principal admin -W --mkhomedir --no-ntp --enable-dns-updates --unattended Apr 18 14:44:01 localhost realmd[29650]: Discovery was successful! Apr 18 14:44:01 localhost realmd[29650]: Hostname: f19.ipa.thewalter.lan Apr 18 14:44:01 localhost realmd[29650]: Realm: IPA.THEWALTER.LAN Apr 18 14:44:01 localhost realmd[29650]: DNS Domain: ipa.thewalter.lan Apr 18 14:44:01 localhost realmd[29650]: IPA Server: dc.ipa.thewalter.lan Apr 18 14:44:01 localhost realmd[29650]: BaseDN: dc=ipa,dc=thewalter,dc=lan Apr 18 14:44:01 localhost realmd[29650]: Synchronizing time with KDC... Apr 18 14:44:01 localhost ntpdate[29750]: ntpdate 4.2.6p5 Tue Apr 2 17:47:12 UTC 2013 (1) Apr 18 14:44:08 localhost systemd[1]: Time has been changed Apr 18 14:44:08 localhost ntpdate[29750]: step time server 192.168.12.11 offset 0.365946 sec Apr 18 14:44:08 localhost realmd[29650]: Successfully retrieved CA cert Apr 18 14:44:09 localhost realmd[29650]: Subject: CN=Certificate Authority,O=IPA.THEWALTER.LAN Apr 18 14:44:09 localhost realmd[29650]: Issuer: CN=Certificate Authority,O=IPA.THEWALTER.LAN Apr 18 14:44:09 localhost realmd[29650]: Valid From: Wed Apr 17 12:45:40 2013 UTC Apr 18 14:44:09 localhost realmd[29650]: Valid Until: Sun Apr 17 12:45:40 2033 UTC Apr 18 14:44:09 localhost realmd[29650]: Apr 18 14:44:10 localhost realmd[29650]: Enrolled in IPA realm IPA.THEWALTER.LAN Apr 18 14:44:10 localhost realmd[29650]: Created /etc/ipa/default.conf Apr 18 14:44:12 localhost realmd[29650]: New SSSD config will be created Apr 18 14:44:12 localhost realmd[29650]: Configured /etc/sssd/sssd.conf Apr 18 14:44:12 localhost realmd[29650]: Configured /etc/krb5.conf for IPA realm IPA.THEWALTER.LAN Apr 18 14:44:13 localhost realmd[29650]: trying https://dc.ipa.thewalter.lan/ipa/xml Apr 18 14:44:13 localhost realmd[29650]: Forwarding 'env' to server u'https://dc.ipa.thewalter.lan/ipa/xml' Apr 18 14:44:13 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:14 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! lineNumber = '88' Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 14:44:15 localhost /etc/gdm/Xsession[1095]: "' Apr 18 14:44:15 localhost realmd[29650]: DNS server record set to: f19.ipa.thewalter.lan -> 192.168.12.249 Apr 18 14:44:15 localhost systemd[1]: Started D-Bus System Message Bus. Apr 18 14:44:15 localhost systemd[1]: Starting Certificate monitoring and PKI enrollment... Apr 18 14:44:15 localhost systemd[1]: Started Certificate monitoring and PKI enrollment. Apr 18 14:44:16 localhost systemd[1]: Stopping Certificate monitoring and PKI enrollment... Apr 18 14:44:16 localhost systemd[1]: Starting Certificate monitoring and PKI enrollment... Apr 18 14:44:16 localhost systemd[1]: Started Certificate monitoring and PKI enrollment. Apr 18 14:44:16 localhost systemd[1]: Reloading. Apr 18 14:44:17 localhost chronyd[324]: Can't synchronise: no majority Apr 18 14:44:19 localhost chronyd[324]: Selected source 85.25.154.183 Apr 18 14:44:27 localhost fprintd[29742]: ** Message: No devices in use, exit Apr 18 14:44:47 localhost realmd[29650]: certmonger request for host certificate failed Apr 18 14:44:47 localhost realmd[29650]: Forwarding 'host_mod' to server u'https://dc.ipa.thewalter.lan/ipa/xml' Apr 18 14:44:47 localhost realmd[29650]: host_mod: 2.57 client incompatible with 2.47 server at u'https://dc.ipa.thewalter.lan/ipa/xml' Apr 18 14:44:47 localhost realmd[29650]: Failed to upload host SSH public keys. Apr 18 14:44:51 localhost abrt: detected unhandled Python exception in '/usr/sbin/ipa-client-install' Apr 18 14:44:51 localhost abrtd: New client connected Apr 18 14:44:51 localhost abrtd: Directory 'pyhook-2013-04-18-14:44:51-29747' creation detected Apr 18 14:44:51 localhost abrt-server[29798]: Saved problem directory of pid 29747 to '/var/tmp/abrt/pyhook-2013-04-18-14:44:51-29747' Apr 18 14:44:52 localhost realmd[29650]: Apr 18 14:44:52 localhost realmd[29650]: Traceback (most recent call last): Apr 18 14:44:52 localhost realmd[29650]: File "/usr/sbin/ipa-client-install", line 2464, in <module> Apr 18 14:44:52 localhost realmd[29650]: sys.exit(main()) Apr 18 14:44:52 localhost realmd[29650]: File "/usr/sbin/ipa-client-install", line 2450, in main Apr 18 14:44:52 localhost realmd[29650]: rval = install(options, env, fstore, statestore) Apr 18 14:44:52 localhost realmd[29650]: File "/usr/sbin/ipa-client-install", line 2330, in install Apr 18 14:44:52 localhost realmd[29650]: auth_config.execute() Apr 18 14:44:52 localhost realmd[29650]: File "/usr/lib/python2.7/site-packages/ipapython/platform/redhat/auth.py", line 49, in execute Apr 18 14:44:52 localhost realmd[29650]: ipautil.run(["/usr/sbin/authconfig"]+args) Apr 18 14:44:52 localhost realmd[29650]: File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 300, in run Apr 18 14:44:52 localhost realmd[29650]: close_fds=True, env=env, cwd=cwd) Apr 18 14:44:52 localhost realmd[29650]: File "/usr/lib/python2.7/subprocess.py", line 711, in __init__ Apr 18 14:44:52 localhost realmd[29650]: errread, errwrite) Apr 18 14:44:52 localhost realmd[29650]: File "/usr/lib/python2.7/subprocess.py", line 1308, in _execute_child Apr 18 14:44:52 localhost realmd[29650]: raise child_exception Apr 18 14:44:52 localhost realmd[29650]: OSError: [Errno 13] Permission denied Apr 18 14:44:53 localhost realmd[29650]: ! Running ipa-client-install failed Apr 18 14:44:53 localhost setroubleshoot: Unable to add audit event: node=localhost.localdomain type=AVC msg=audit(1366289092.738:2592): avc: denied { write } for pid=29800 comm="abrt-action-sav" name="__db.001" dev="sda3" ino=3989 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file Apr 18 14:44:53 localhost abrtd: Core backtrace is generated and saved, 674 bytes Apr 18 14:44:53 localhost abrtd: Duplicate: core backtrace Apr 18 14:44:53 localhost abrtd: DUP_OF_DIR: /var/tmp/abrt/pyhook-2013-04-18-13:22:16-3562 Apr 18 14:44:53 localhost abrtd: Deleting problem directory pyhook-2013-04-18-14:44:51-29747 (dup of pyhook-2013-04-18-13:22:16-3562) Apr 18 14:44:53 localhost /etc/gdm/Xsession[1095]: abrt-applet: repeated problem in freeipa-client-3.2.0-0.2.beta1.fc19, not showing the notification Apr 18 14:45:00 localhost setroubleshoot: Unable to add audit event: node=localhost.localdomain type=AVC msg=audit(1366289092.795:2593): avc: denied { write } for pid=29800 comm="abrt-action-sav" name="__db.001" dev="sda3" ino=3989 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:rpm_var_lib_t:s0 tclass=file Apr 18 14:45:15 localhost chronyd[324]: Selected source 88.198.244.104 Apr 18 14:45:24 localhost dbus-daemon[255]: dbus[255]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) Apr 18 14:45:24 localhost dbus[255]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) Apr 18 14:45:24 localhost dbus-daemon[255]: dbus[255]: [system] Successfully activated service 'org.freedesktop.PackageKit' Apr 18 14:45:24 localhost dbus[255]: [system] Successfully activated service 'org.freedesktop.PackageKit' Apr 18 14:45:24 localhost setroubleshoot: Unable to add audit event: node=localhost.localdomain type=AVC msg=audit(1366289124.246:2602): avc: denied { rlimitinh } for pid=29838 comm="packagekitd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=process ... (In reply to comment #16) > Also > > # ausearch -m user_avc [root@f19 stef]# ausearch -m user_avc ---- time->Wed Apr 17 20:28:10 2013 type=USER_AVC msg=audit(1366223290.292:362): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Wed Apr 17 21:36:20 2013 type=USER_AVC msg=audit(1366227380.550:615): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=3) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 13:21:42 2013 type=USER_AVC msg=audit(1366284102.359:873): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 13:21:43 2013 type=USER_AVC msg=audit(1366284103.371:877): pid=255 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.148 spid=3590 tpid=3600 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 13:28:59 2013 type=USER_AVC msg=audit(1366284539.664:897): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 13:29:50 2013 type=USER_AVC msg=audit(1366284590.174:966): pid=255 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.167 spid=3817 tpid=3827 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:05:18 2013 type=USER_AVC msg=audit(1366286718.745:2011): pid=255 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.244 spid=28565 tpid=28575 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe=2F7573722F62696E2F646275732D6461656D6F6E202864656C6574656429 sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:17:01 2013 type=USER_AVC msg=audit(1366287421.893:2043): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:25:57 2013 type=USER_AVC msg=audit(1366287957.487:2112): pid=255 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.263 spid=28994 tpid=29004 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe=2F7573722F62696E2F646275732D6461656D6F6E202864656C6574656429 sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:30:20 2013 type=USER_AVC msg=audit(1366288220.805:2454): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:30:22 2013 type=USER_AVC msg=audit(1366288222.540:2458): pid=255 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.284 spid=29380 tpid=29390 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe=2F7573722F62696E2F646275732D6461656D6F6E202864656C6574656429 sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:40:27 2013 type=USER_AVC msg=audit(1366288827.879:2486): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=3) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:42:36 2013 type=USER_AVC msg=audit(1366288956.325:2512): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:44:15 2013 type=USER_AVC msg=audit(1366289055.447:2584): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:44:17 2013 type=USER_AVC msg=audit(1366289057.148:2588): pid=255 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.323 spid=29781 tpid=29791 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe=2F7573722F62696E2F646275732D6461656D6F6E202864656C6574656429 sauid=81 hostname=? addr=? terminal=?' Ok, try to run # ausearch -m user_avc |audit2allow -R -M mypol # semodule -i mypol.pp and re-test it. (In reply to comment #19) > Ok, try to run > > # ausearch -m user_avc |audit2allow -R -M mypol > # semodule -i mypol.pp > > > and re-test it. I've tried that and it still failing: [root@client ~]# ausearch -m user_avc ---- time->Thu Apr 18 10:07:56 2013 type=USER_AVC msg=audit(1366272476.326:500): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 10:21:30 2013 type=USER_AVC msg=audit(1366273290.954:930): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=3) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 13:09:31 2013 type=USER_AVC msg=audit(1366283371.498:111): pid=378 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.43 spid=1311 tpid=1321 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:55:57 2013 type=USER_AVC msg=audit(1366289757.492:144): pid=373 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.42 spid=1430 tpid=1440 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:56:52 2013 type=USER_AVC msg=audit(1366289812.792:147): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 14:57:58 2013 type=USER_AVC msg=audit(1366289878.790:204): pid=373 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.48 spid=1607 tpid=1617 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:15:25 2013 type=USER_AVC msg=audit(1366290925.712:387): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:15:29 2013 type=USER_AVC msg=audit(1366290929.333:388): pid=373 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.55 spid=1607 tpid=1977 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:17:14 2013 type=USER_AVC msg=audit(1366291034.252:396): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:17:17 2013 type=USER_AVC msg=audit(1366291037.412:398): pid=373 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.59 spid=2024 tpid=2028 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:26:08 2013 type=USER_AVC msg=audit(1366291568.182:1019): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:26:08 2013 type=USER_AVC msg=audit(1366291568.858:1023): pid=373 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.79 spid=3002 tpid=3012 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:27:07 2013 type=USER_AVC msg=audit(1366291627.517:1026): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:27:33 2013 type=USER_AVC msg=audit(1366291653.691:1080): pid=373 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.86 spid=3178 tpid=3188 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:28:00 2013 type=USER_AVC msg=audit(1366291680.599:1245): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- time->Thu Apr 18 15:28:03 2013 type=USER_AVC msg=audit(1366291683.713:1246): pid=373 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.89 spid=3178 tpid=3391 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' [root@client ~]# ausearch -m user_avc |audit2allow -R -M mypol ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i mypol.pp [root@client ~]# semodule -i mypol.pp [root@client ~]# [root@client ~]# realm join -v --user=admin skynet.com * Searching for kerberos SRV records for domain: _kerberos._udp.skynet.com * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.skynet.com * f19.skynet.com:88 * Trying to retrieve IPA certificate from f19.skynet.com * Retrieved IPA CA certificate verifies the HTTPS connection ! Couldn't discover IPA KDC * Found kerberos DNS records for: skynet.com * Found IPA style certificate for: skynet.com * Successfully discovered: skynet.com Password for admin: * Required files: /usr/sbin/ipa-client-install, /usr/sbin/sss_cache, /usr/sbin/sssd * LANG=C /usr/sbin/ipa-client-install --domain skynet.com --realm SKYNET.COM --principal admin -W --mkhomedir --no-ntp --enable-dns-updates --unattended Discovery was successful! Hostname: client.skynet.com Realm: SKYNET.COM DNS Domain: skynet.com IPA Server: f19.skynet.com BaseDN: dc=skynet,dc=com Synchronizing time with KDC... Successfully retrieved CA cert Subject: CN=Certificate Authority,O=SKYNET.COM Issuer: CN=Certificate Authority,O=SKYNET.COM Valid From: Tue Apr 16 15:52:24 2013 UTC Valid Until: Sat Apr 16 15:52:24 2033 UTC Enrolled in IPA realm SKYNET.COM Created /etc/ipa/default.conf New SSSD config will be created Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm SKYNET.COM trying https://f19.skynet.com/ipa/xml Forwarding 'env' to server u'https://f19.skynet.com/ipa/xml' DNS server record set to: client.skynet.com -> 192.168.100.31 Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub Forwarding 'host_mod' to server u'https://f19.skynet.com/ipa/xml' Traceback (most recent call last): File "/usr/sbin/ipa-client-install", line 2464, in <module> sys.exit(main()) File "/usr/sbin/ipa-client-install", line 2450, in main rval = install(options, env, fstore, statestore) File "/usr/sbin/ipa-client-install", line 2330, in install auth_config.execute() File "/usr/lib/python2.7/site-packages/ipapython/platform/redhat/auth.py", line 49, in execute ipautil.run(["/usr/sbin/authconfig"]+args) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 300, in run close_fds=True, env=env, cwd=cwd) File "/usr/lib64/python2.7/subprocess.py", line 711, in __init__ errread, errwrite) File "/usr/lib64/python2.7/subprocess.py", line 1308, in _execute_child raise child_exception OSError: [Errno 13] Permission denied ! Running ipa-client-install failed realm: Couldn't join realm: Running ipa-client-install failed [root@client ~]# ----- /var/log/audit/audit.log: type=USER_AVC msg=audit(1366292102.904:1351): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' ---- /var/log/messages: Apr 18 15:34:48 client realmd[3486]: * Searching for kerberos SRV records for domain: _kerberos._udp.skynet.com Apr 18 15:34:48 client realmd[3486]: * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.skynet.com Apr 18 15:34:48 client realmd[3486]: * f19.skynet.com:88 Apr 18 15:34:48 client realmd[3486]: * Trying to retrieve IPA certificate from f19.skynet.com Apr 18 15:34:49 client realmd[3486]: * Retrieved IPA CA certificate verifies the HTTPS connection Apr 18 15:34:49 client realmd[3486]: ! Couldn't discover IPA KDC Apr 18 15:34:49 client realmd[3486]: * Found kerberos DNS records for: skynet.com Apr 18 15:34:49 client realmd[3486]: * Found IPA style certificate for: skynet.com Apr 18 15:34:49 client realmd[3486]: * Successfully discovered: skynet.com Apr 18 15:34:51 client realmd[3486]: * Required files: /usr/sbin/ipa-client-install, /usr/sbin/sss_cache, /usr/sbin/sssd Apr 18 15:34:51 client realmd[3486]: * LANG=C /usr/sbin/ipa-client-install --domain skynet.com --realm SKYNET.COM --principal admin -W --mkhomedir --no-ntp --enable-dns-updates --unattended Apr 18 15:34:52 client realmd[3486]: Discovery was successful! Apr 18 15:34:52 client realmd[3486]: Hostname: client.skynet.com Apr 18 15:34:52 client realmd[3486]: Realm: SKYNET.COM Apr 18 15:34:52 client realmd[3486]: DNS Domain: skynet.com Apr 18 15:34:52 client realmd[3486]: IPA Server: f19.skynet.com Apr 18 15:34:52 client realmd[3486]: BaseDN: dc=skynet,dc=com Apr 18 15:34:52 client realmd[3486]: Synchronizing time with KDC... Apr 18 15:34:52 client ntpdate[3661]: ntpdate 4.2.6p5 Tue Apr 2 17:47:01 UTC 2013 (1) Apr 18 15:34:58 client systemd[1]: Time has been changed Apr 18 15:34:58 client ntpdate[3661]: step time server 192.168.100.83 offset 0.000301 sec Apr 18 15:34:59 client realmd[3486]: Successfully retrieved CA cert Apr 18 15:34:59 client realmd[3486]: Subject: CN=Certificate Authority,O=SKYNET.COM Apr 18 15:34:59 client realmd[3486]: Issuer: CN=Certificate Authority,O=SKYNET.COM Apr 18 15:34:59 client realmd[3486]: Valid From: Tue Apr 16 15:52:24 2013 UTC Apr 18 15:34:59 client realmd[3486]: Valid Until: Sat Apr 16 15:52:24 2033 UTC Apr 18 15:34:59 client realmd[3486]: Apr 18 15:35:00 client realmd[3486]: Enrolled in IPA realm SKYNET.COM Apr 18 15:35:00 client realmd[3486]: Created /etc/ipa/default.conf Apr 18 15:35:01 client realmd[3486]: New SSSD config will be created Apr 18 15:35:01 client realmd[3486]: Configured /etc/sssd/sssd.conf Apr 18 15:35:01 client systemd[1]: Starting PC/SC Smart Card Daemon... Apr 18 15:35:01 client systemd[1]: Started PC/SC Smart Card Daemon. Apr 18 15:35:01 client pcscd[3671]: 00000000 utils.c:53:GetDaemonPid() Can't open /var/run/pcscd/pcscd.pid: No such file or directory Apr 18 15:35:01 client pcscd[3671]: 00008650 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:01 client pcscd[3671]: 00002277 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:01 client pcscd[3671]: 00002061 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:01 client pcscd[3671]: 00001194 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:01 client realmd[3486]: Configured /etc/krb5.conf for IPA realm SKYNET.COM Apr 18 15:35:01 client realmd[3486]: trying https://f19.skynet.com/ipa/xml Apr 18 15:35:01 client realmd[3486]: Forwarding 'env' to server u'https://f19.skynet.com/ipa/xml' Apr 18 15:35:01 client pcscd[3671]: 00198272 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:01 client pcscd[3671]: 00002448 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:01 client pcscd[3671]: 00002265 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:01 client pcscd[3671]: 00000230 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88' Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109 Apr 18 15:35:02 client /usr/bin/dbus-launch[606]: "' Apr 18 15:35:02 client realmd[3486]: DNS server record set to: client.skynet.com -> 192.168.100.31 Apr 18 15:35:02 client systemd[1]: Started D-Bus System Message Bus. Apr 18 15:35:02 client systemd[1]: Starting Certificate monitoring and PKI enrollment... Apr 18 15:35:02 client systemd[1]: Started Certificate monitoring and PKI enrollment. Apr 18 15:35:03 client systemd[1]: Stopping Certificate monitoring and PKI enrollment... Apr 18 15:35:03 client systemd[1]: Starting Certificate monitoring and PKI enrollment... Apr 18 15:35:03 client systemd[1]: Started Certificate monitoring and PKI enrollment. Apr 18 15:35:03 client systemd[1]: Reloading. Apr 18 15:35:03 client realmd[3486]: Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub Apr 18 15:35:03 client realmd[3486]: Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub Apr 18 15:35:03 client realmd[3486]: Forwarding 'host_mod' to server u'https://f19.skynet.com/ipa/xml' Apr 18 15:35:03 client pcscd[3671]: 01726369 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:04 client certmonger: Certificate named "IPA Machine Certificate - client.skynet.com" in token "NSS Certificate DB" in database "/etc/pki/nssdb" issued by CA and saved. Apr 18 15:35:06 client abrt: detected unhandled Python exception in '/usr/sbin/ipa-client-install' Apr 18 15:35:08 client pcscd[3671]: 04965243 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found Apr 18 15:35:08 client abrtd: New client connected Apr 18 15:35:09 client abrtd: Directory 'pyhook-2013-04-18-15:35:09-3658' creation detected Apr 18 15:35:09 client abrt-server[3721]: Saved problem directory of pid 3658 to '/var/tmp/abrt/pyhook-2013-04-18-15:35:09-3658' Apr 18 15:35:09 client realmd[3486]: Apr 18 15:35:09 client realmd[3486]: Traceback (most recent call last): Apr 18 15:35:09 client realmd[3486]: File "/usr/sbin/ipa-client-install", line 2464, in <module> Apr 18 15:35:09 client realmd[3486]: sys.exit(main()) Apr 18 15:35:09 client realmd[3486]: File "/usr/sbin/ipa-client-install", line 2450, in main Apr 18 15:35:09 client realmd[3486]: rval = install(options, env, fstore, statestore) Apr 18 15:35:09 client realmd[3486]: File "/usr/sbin/ipa-client-install", line 2330, in install Apr 18 15:35:09 client realmd[3486]: auth_config.execute() Apr 18 15:35:09 client realmd[3486]: File "/usr/lib/python2.7/site-packages/ipapython/platform/redhat/auth.py", line 49, in execute Apr 18 15:35:09 client realmd[3486]: ipautil.run(["/usr/sbin/authconfig"]+args) Apr 18 15:35:09 client realmd[3486]: File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 300, in run Apr 18 15:35:09 client realmd[3486]: close_fds=True, env=env, cwd=cwd) Apr 18 15:35:10 client realmd[3486]: File "/usr/lib64/python2.7/subprocess.py", line 711, in __init__ Apr 18 15:35:10 client realmd[3486]: errread, errwrite) Apr 18 15:35:10 client realmd[3486]: File "/usr/lib64/python2.7/subprocess.py", line 1308, in _execute_child Apr 18 15:35:10 client realmd[3486]: raise child_exception Apr 18 15:35:10 client realmd[3486]: OSError: [Errno 13] Permission denied Apr 18 15:35:10 client realmd[3486]: ! Running ipa-client-install failed Apr 18 15:35:10 client abrtd: Core backtrace is generated and saved, 678 bytes Apr 18 15:35:10 client abrtd: Duplicate: core backtrace Apr 18 15:35:10 client abrtd: DUP_OF_DIR: /var/tmp/abrt/pyhook-2013-04-18-13:10:06-1279 Apr 18 15:35:10 client abrtd: Deleting problem directory pyhook-2013-04-18-15:35:09-3658 (dup of pyhook-2013-04-18-13:10:06-1279) with new policy it still fails:
[root@client ~]# rpm -qa selinux-policy*
selinux-policy-targeted-3.12.1-33.fc19.noarch
selinux-policy-doc-3.12.1-33.fc19.noarch
selinux-policy-devel-3.12.1-33.fc19.noarch
selinux-policy-3.12.1-33.fc19.noarch
[root@client ~]#
[root@client ~]# semodule -l | grep mypol
[root@client ~]#
type=USER_AVC msg=audit(1366293068.487:1417): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=3) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1366293068.490:1418): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1366293068.491:1419): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=4) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1366293071.476:1423): pid=373 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.112 spid=4596 tpid=4606 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:system_r:realmd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
/var/log/messages:
pr 18 15:50:11 client kernel: [ 7224.812379] SELinux: Context system_u:system_r:authconfig_t:s0-s0:c0.c1023 became invalid (unmapped).
Apr 18 15:50:16 client dbus[664]: avc: received policyload notice (seqno=4)
Apr 18 15:50:19 client dbus[373]: avc: received policyload notice (seqno=4)
Apr 18 15:50:21 client dbus[644]: avc: received policyload notice (seqno=4)
Apr 18 15:50:22 client dbus[373]: [system] Reloaded configuration
Apr 18 15:50:22 client dbus-daemon[373]: dbus[373]: avc: received policyload notice (seqno=4)
Apr 18 15:50:22 client dbus-daemon[373]: dbus[373]: [system] Reloaded configuration
Apr 18 15:50:43 client dbus-daemon[373]: dbus[373]: [system] Activating service name='org.freedesktop.realmd' (using servicehelper)
Apr 18 15:50:43 client dbus[373]: [system] Activating service name='org.freedesktop.realmd' (using servicehelper)
Apr 18 15:50:45 client realmd[4556]: * Searching for kerberos SRV records for domain: _kerberos._udp.skynet.com
Apr 18 15:50:45 client realmd[4556]: * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.skynet.com
Apr 18 15:50:45 client realmd[4556]: * f19.skynet.com:88
Apr 18 15:50:45 client realmd[4556]: * Trying to retrieve IPA certificate from f19.skynet.com
Apr 18 15:50:45 client dbus-daemon[373]: dbus[373]: [system] Successfully activated service 'org.freedesktop.realmd'
Apr 18 15:50:45 client dbus[373]: [system] Successfully activated service 'org.freedesktop.realmd'
Apr 18 15:50:46 client realmd[4556]: * Retrieved IPA CA certificate verifies the HTTPS connection
Apr 18 15:50:46 client realmd[4556]: ! Couldn't discover IPA KDC
Apr 18 15:50:46 client realmd[4556]: * Found kerberos DNS records for: skynet.com
Apr 18 15:50:47 client realmd[4556]: * Found IPA style certificate for: skynet.com
Apr 18 15:50:47 client realmd[4556]: * Successfully discovered: skynet.com
Apr 18 15:50:49 client realmd[4556]: * Required files: /usr/sbin/ipa-client-install, /usr/sbin/sss_cache, /usr/sbin/sssd
Apr 18 15:50:49 client realmd[4556]: * LANG=C /usr/sbin/ipa-client-install --domain skynet.com --realm SKYNET.COM --principal admin -W --mkhomedir --no-ntp --enable-dns-updates --unattended
Apr 18 15:50:54 client realmd[4556]: Discovery was successful!
Apr 18 15:50:54 client realmd[4556]: Hostname: client.skynet.com
Apr 18 15:50:54 client realmd[4556]: Realm: SKYNET.COM
Apr 18 15:50:54 client realmd[4556]: DNS Domain: skynet.com
Apr 18 15:50:54 client realmd[4556]: IPA Server: f19.skynet.com
Apr 18 15:50:54 client realmd[4556]: BaseDN: dc=skynet,dc=com
Apr 18 15:50:54 client realmd[4556]: Synchronizing time with KDC...
Apr 18 15:50:54 client ntpdate[4567]: ntpdate 4.2.6p5 Tue Apr 2 17:47:01 UTC 2013 (1)
Apr 18 15:51:00 client ntpdate[4567]: step time server 192.168.100.83 offset 0.000029 sec
Apr 18 15:51:00 client systemd[1]: Time has been changed
Apr 18 15:51:02 client realmd[4556]: Successfully retrieved CA cert
Apr 18 15:51:02 client realmd[4556]: Subject: CN=Certificate Authority,O=SKYNET.COM
Apr 18 15:51:02 client realmd[4556]: Issuer: CN=Certificate Authority,O=SKYNET.COM
Apr 18 15:51:02 client realmd[4556]: Valid From: Tue Apr 16 15:52:24 2013 UTC
Apr 18 15:51:02 client realmd[4556]: Valid Until: Sat Apr 16 15:52:24 2033 UTC
Apr 18 15:51:02 client realmd[4556]:
Apr 18 15:51:04 client realmd[4556]: Enrolled in IPA realm SKYNET.COM
Apr 18 15:51:04 client realmd[4556]: Created /etc/ipa/default.conf
Apr 18 15:51:05 client realmd[4556]: New SSSD config will be created
Apr 18 15:51:05 client realmd[4556]: Configured /etc/sssd/sssd.conf
Apr 18 15:51:06 client systemd[1]: Starting PC/SC Smart Card Daemon...
Apr 18 15:51:06 client systemd[1]: Started PC/SC Smart Card Daemon.
Apr 18 15:51:06 client pcscd[4576]: 00000000 utils.c:53:GetDaemonPid() Can't open /var/run/pcscd/pcscd.pid: No such file or directory
Apr 18 15:51:06 client pcscd[4576]: 00123982 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:06 client pcscd[4576]: 00004403 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:06 client pcscd[4576]: 00001137 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:06 client pcscd[4576]: 00001453 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:06 client realmd[4556]: Configured /etc/krb5.conf for IPA realm SKYNET.COM
Apr 18 15:51:06 client realmd[4556]: trying https://f19.skynet.com/ipa/xml
Apr 18 15:51:06 client realmd[4556]: Forwarding 'env' to server u'https://f19.skynet.com/ipa/xml'
Apr 18 15:51:06 client pcscd[4576]: 00208825 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:06 client pcscd[4576]: 00002515 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:06 client pcscd[4576]: 00002184 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:06 client pcscd[4576]: 00000217 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:06 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! Exception was: TypeError: realm is undefined
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! message = '"realm is undefined"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! fileName = '"/usr/share/gnome-shell/js/gdm/realmd.js"'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! lineNumber = '88'
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: JS ERROR: !!! stack = '"()@/usr/share/gnome-shell/js/gdm/realmd.js:88
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: wrapper()@/usr/share/gjs-1.0/lang.js:213
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: ([object GObject_Object],[object GObject_Boxed],[object Array])@/usr/share/gnome-shell/js/gdm/realmd.js:109
Apr 18 15:51:07 client /usr/bin/dbus-launch[606]: "'
Apr 18 15:51:08 client realmd[4556]: DNS server record set to: client.skynet.com -> 192.168.100.31
Apr 18 15:51:08 client systemd[1]: Started D-Bus System Message Bus.
Apr 18 15:51:08 client systemd[1]: Starting Certificate monitoring and PKI enrollment...
Apr 18 15:51:08 client systemd[1]: Started Certificate monitoring and PKI enrollment.
Apr 18 15:51:08 client systemd[1]: Stopping Certificate monitoring and PKI enrollment...
Apr 18 15:51:09 client systemd[1]: Starting Certificate monitoring and PKI enrollment...
Apr 18 15:51:09 client systemd[1]: Started Certificate monitoring and PKI enrollment.
Apr 18 15:51:09 client systemd[1]: Reloading.
Apr 18 15:51:41 client realmd[4556]: certmonger request for host certificate failed
Apr 18 15:51:41 client realmd[4556]: Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Apr 18 15:51:41 client realmd[4556]: Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Apr 18 15:51:41 client realmd[4556]: Forwarding 'host_mod' to server u'https://f19.skynet.com/ipa/xml'
Apr 18 15:51:41 client pcscd[4576]: 34671710 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:45 client abrt: detected unhandled Python exception in '/usr/sbin/ipa-client-install'
Apr 18 15:51:46 client pcscd[4576]: 04766489 winscard.c:240:SCardConnect() Reader E-Gate 0 0 Not Found
Apr 18 15:51:46 client abrtd: New client connected
Apr 18 15:51:46 client abrtd: Directory 'pyhook-2013-04-18-15:51:46-4564' creation detected
Apr 18 15:51:46 client abrt-server[4623]: Saved problem directory of pid 4564 to '/var/tmp/abrt/pyhook-2013-04-18-15:51:46-4564'
Apr 18 15:51:47 client realmd[4556]:
Apr 18 15:51:47 client realmd[4556]: Traceback (most recent call last):
Apr 18 15:51:47 client realmd[4556]: File "/usr/sbin/ipa-client-install", line 2464, in <module>
Apr 18 15:51:47 client realmd[4556]: sys.exit(main())
Apr 18 15:51:47 client realmd[4556]: File "/usr/sbin/ipa-client-install", line 2450, in main
Apr 18 15:51:47 client realmd[4556]: rval = install(options, env, fstore, statestore)
Apr 18 15:51:47 client realmd[4556]: File "/usr/sbin/ipa-client-install", line 2330, in install
Apr 18 15:51:47 client realmd[4556]: auth_config.execute()
Apr 18 15:51:47 client realmd[4556]: File "/usr/lib/python2.7/site-packages/ipapython/platform/redhat/auth.py", line 49, in execute
Apr 18 15:51:47 client realmd[4556]: ipautil.run(["/usr/sbin/authconfig"]+args)
Apr 18 15:51:47 client realmd[4556]: File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 300, in run
Apr 18 15:51:47 client realmd[4556]: close_fds=True, env=env, cwd=cwd)
Apr 18 15:51:47 client realmd[4556]: File "/usr/lib64/python2.7/subprocess.py", line 711, in __init__
Apr 18 15:51:47 client realmd[4556]: errread, errwrite)
Apr 18 15:51:47 client realmd[4556]: File "/usr/lib64/python2.7/subprocess.py", line 1308, in _execute_child
Apr 18 15:51:47 client realmd[4556]: raise child_exception
Apr 18 15:51:47 client realmd[4556]: OSError: [Errno 13] Permission denied
Apr 18 15:51:47 client realmd[4556]: ! Running ipa-client-install failed
Apr 18 15:51:47 client abrtd: Core backtrace is generated and saved, 678 bytes
Apr 18 15:51:47 client abrtd: Duplicate: core backtrace
Apr 18 15:51:47 client abrtd: DUP_OF_DIR: /var/tmp/abrt/pyhook-2013-04-18-13:10:06-1279
Apr 18 15:51:47 client abrtd: Deleting problem directory pyhook-2013-04-18-15:51:46-4564 (dup of pyhook-2013-04-18-13:10:06-1279)
This is a reminder to mgrepl, how this issue was fixed:
[root@client ~]# cat mypol1.te
module mypol1 1.0;
require {
type sssd_t;
type selinux_config_t;
type realmd_t;
type rpm_var_lib_t;
type setroubleshootd_t;
type system_dbusd_t;
class process { siginh noatsecure rlimitinh };
class file { read write getattr open };
role system_r;
type authconfig_t;
}
role system_r types authconfig_t;
Building selinux-policy-3.12.1-34.fc19 for f19-candidate after downloading selinux-policy-3.12.1-34.fc19, "realm join" and "realm leave" are working in enforcing mode without any problems . yay! :) *** Bug 953936 has been marked as a duplicate of this bug. *** selinux-policy-3.12.1-39.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-39.fc19 Package selinux-policy-3.12.1-39.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-39.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-7338/selinux-policy-3.12.1-39.fc19 then log in and leave karma (feedback). Package selinux-policy-3.12.1-40.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-40.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-7338/selinux-policy-3.12.1-40.fc19 then log in and leave karma (feedback). The following commands were verified against an IPA domain in enforcing mode and they work without problems; no AVCs appeared during the test. realm discover realm join realm list realm leave Verified components: realmd-0.13.91-1.fc19 selinux-policy-targeted-3.12.1-40.fc19 selinux-policy-3.12.1-40.fc19 These packages have now made it into Fedora 19. |