Hide Forgot
Description of problem: IPA server installation crashes due to missing SELinux policy. All AVCs when installing in permissive mode: # ausearch -m avc -ts today ---- time->Wed Sep 25 11:33:46 2013 type=SYSCALL msg=audit(1380123226.223:266): arch=c000003e syscall=248 success=yes exit=202370179 a0=7f3f05ac4b2e a1=7f3efc3320d0 a2=0 a3=0 items=0 ppid=15518 pid=15521 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="named" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key=(null) type=AVC msg=audit(1380123226.223:266): avc: denied { write } for pid=15521 comm="named" scontext=system_u:system_r:named_t:s0 tcontext=system_u:system_r:named_t:s0 tclass=key ---- time->Wed Sep 25 11:33:46 2013 type=SYSCALL msg=audit(1380123226.224:267): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=c0fec83 a2=0 a3=0 items=0 ppid=15518 pid=15521 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="named" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key=(null) type=AVC msg=audit(1380123226.224:267): avc: denied { read } for pid=15521 comm="named" scontext=system_u:system_r:named_t:s0 tcontext=system_u:system_r:named_t:s0 tclass=key ---- time->Wed Sep 25 11:33:56 2013 type=SYSCALL msg=audit(1380123236.402:273): arch=c000003e syscall=250 success=yes exit=4 a0=b a1=3cc9d5db a2=0 a3=0 items=0 ppid=15543 pid=15549 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1380123236.402:273): avc: denied { read } for pid=15549 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=key ---- time->Wed Sep 25 11:33:56 2013 type=SYSCALL msg=audit(1380123236.402:272): arch=c000003e syscall=248 success=yes exit=1019860443 a0=7fbb87a40b2e a1=7fbb96ce2ed0 a2=0 a3=0 items=0 ppid=15543 pid=15549 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1380123236.402:272): avc: denied { write } for pid=15549 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=key audit2allow: # ausearch -m avc -ts today | audit2allow #============= httpd_t ============== allow httpd_t self:key { read write }; #============= named_t ============== allow named_t self:key { write read }; Version-Release number of selected component (if applicable): policycoreutils-2.1.14-81.el7.x86_64 selinux-policy-3.12.1-80.el7.noarch ipa-server-3.3.1-5.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Install ipa-server package 2. Run ipa-server-install 3. Actual results: Installation crashes in enforcing mode due to SELinux AVCs. Expected results: Installation passes. Additional info:
*** Bug 1012060 has been marked as a duplicate of this bug. ***
#============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t self:key { read write }; #============= named_t ============== #!!!! This avc is allowed in the current policy allow named_t self:key { write read };
*** This bug has been marked as a duplicate of bug 1012109 ***