117115 – Problem running programs what need root privileges as normal user in X

Bug 117115 - Problem running programs what need root privileges as normal user in X

Summary: Problem running programs what need root privileges as normal user in X

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	policy
Sub Component:
Version:	rawhide
Hardware:	athlon
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	117200 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-02-28 19:52 UTC by Vaclav "sHINOBI" Misek
Modified:	2007-11-30 22:10 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2004-04-04 20:38:06 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Vaclav "sHINOBI" Misek 2004-02-28 19:52:35 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040217

Description of problem:
When I try to start any program, what needs root privileges (like
system config tools, xmtr etc.), there appear dialog requesting for
root pasword. After entering password, there is error message "Could
not set exec context to user_u:sysadm_r:sysadm_t."

Version-Release number of selected component (if applicable):
policy-1.6-13

How reproducible:
Always

Steps to Reproduce:
1. run xmtr from xterm as non root user
2. enter root password
3.
    

Actual Results:  error message "Could not set exec context to
user_u:sysadm_r:sysadm_t."

Expected Results:  No error message, programs should be run with root
privileges (context should be set correctly).

Additional info:

Comment 1 Ronny Buchmann 2004-02-29 09:54:21 UTC

The long list of avc denied messages when trying to start programs
with consolehelper


avc:  denied  { read } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:user_t tcontext=system_u:object_r:home_root_t
tclass=file
 
avc:  denied  { read } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1 dev=hda3 ino=543665 scontext=user_u:user_r:user_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.fonts.cache-1 dev=hda3 ino=543665
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { create } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs scontext=user_u:user_r:user_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { write } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { link } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { unlink } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { rename } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.NEW dev=hda3 ino=543666
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { write } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=ronny dev=hda3 ino=543603 scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { add_name } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { create } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { link } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { write } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { read } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5901 exe=/usr/X11R6/bin/xauth
path=/home/ronny/.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { remove_name } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { unlink } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { create } for  pid=5900 exe=/usr/sbin/userhelper
name=.xauthCfdwAA scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { setattr } for  pid=5900 exe=/usr/sbin/userhelper
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { link } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA-c dev=hda3 ino=227161
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { write } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { read } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { getattr } for  pid=5902 exe=/usr/X11R6/bin/xauth
path=/root/.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { unlink } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file

Comment 2 Bill Nottingham 2004-03-02 06:14:08 UTC

*** Bug 117200 has been marked as a duplicate of this bug. ***

Comment 3 Daniel Walsh 2004-03-25 18:44:18 UTC

Fixed in policy-1.9-18.src.rpm

Comment 4 Vaclav "sHINOBI" Misek 2004-04-01 22:22:54 UTC

Hmm, strange, I'm still observing the same behavior with updated
system to rawhide from 1st April (policy-1.9.2-1). I tried to run
fixfiles relabel and then reboot without any change.

Comment 5 Daniel Walsh 2004-04-02 13:29:28 UTC

You need to upgrade the version of usermode to 1.70-2
If you want to run up2date, that also needs an update.

Dan

Comment 6 Vaclav "sHINOBI" Misek 2004-04-04 20:38:06 UTC

Yes, this issue seems to be resolved, therefore I'm closing it with
Rawhide

Note You need to log in before you can comment on or make changes to this bug.