Bug 117115 - Problem running programs what need root privileges as normal user in X
Problem running programs what need root privileges as normal user in X
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
rawhide
athlon Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
: 117200 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-02-28 14:52 EST by Vaclav "sHINOBI" Misek
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-04-04 16:38:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vaclav "sHINOBI" Misek 2004-02-28 14:52:35 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040217

Description of problem:
When I try to start any program, what needs root privileges (like
system config tools, xmtr etc.), there appear dialog requesting for
root pasword. After entering password, there is error message "Could
not set exec context to user_u:sysadm_r:sysadm_t."

Version-Release number of selected component (if applicable):
policy-1.6-13

How reproducible:
Always

Steps to Reproduce:
1. run xmtr from xterm as non root user
2. enter root password
3.
    

Actual Results:  error message "Could not set exec context to
user_u:sysadm_r:sysadm_t."

Expected Results:  No error message, programs should be run with root
privileges (context should be set correctly).

Additional info:
Comment 1 Ronny Buchmann 2004-02-29 04:54:21 EST
The long list of avc denied messages when trying to start programs
with consolehelper


avc:  denied  { read } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.Xauthority dev=hda3 ino=543620 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:user_t tcontext=system_u:object_r:home_root_t
tclass=file
 
avc:  denied  { read } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1 dev=hda3 ino=543665 scontext=user_u:user_r:user_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.fonts.cache-1 dev=hda3 ino=543665
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { create } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs scontext=user_u:user_r:user_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { write } for  pid=5899 exe=/usr/bin/consolehelper-gtk
path=/home/ronny/.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { link } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { unlink } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.TMP-j1tcYs dev=hda3 ino=543664
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { rename } for  pid=5899 exe=/usr/bin/consolehelper-gtk
name=.fonts.cache-1.NEW dev=hda3 ino=543666
scontext=user_u:user_r:user_t tcontext=user_u:object_r:home_root_t
tclass=file
 
avc:  denied  { write } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=ronny dev=hda3 ino=543603 scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { add_name } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { create } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { link } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { write } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { read } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { getattr } for  pid=5901 exe=/usr/X11R6/bin/xauth
path=/home/ronny/.Xauthority dev=hda3 ino=543620
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=file
 
avc:  denied  { remove_name } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=system_u:object_r:home_root_t tclass=dir
 
avc:  denied  { unlink } for  pid=5901 exe=/usr/X11R6/bin/xauth
name=.Xauthority-c dev=hda3 ino=543664
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:home_root_t tclass=file
 
avc:  denied  { create } for  pid=5900 exe=/usr/sbin/userhelper
name=.xauthCfdwAA scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { setattr } for  pid=5900 exe=/usr/sbin/userhelper
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { link } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA-c dev=hda3 ino=227161
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { write } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { read } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { getattr } for  pid=5902 exe=/usr/X11R6/bin/xauth
path=/root/.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
 
avc:  denied  { unlink } for  pid=5902 exe=/usr/X11R6/bin/xauth
name=.xauthCfdwAA dev=hda3 ino=227160
scontext=user_u:user_r:userhelper_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
Comment 2 Bill Nottingham 2004-03-02 01:14:08 EST
*** Bug 117200 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Walsh 2004-03-25 13:44:18 EST
Fixed in policy-1.9-18.src.rpm
Comment 4 Vaclav "sHINOBI" Misek 2004-04-01 17:22:54 EST
Hmm, strange, I'm still observing the same behavior with updated
system to rawhide from 1st April (policy-1.9.2-1). I tried to run
fixfiles relabel and then reboot without any change.
Comment 5 Daniel Walsh 2004-04-02 08:29:28 EST
You need to upgrade the version of usermode to 1.70-2
If you want to run up2date, that also needs an update.

Dan
Comment 6 Vaclav "sHINOBI" Misek 2004-04-04 16:38:06 EDT
Yes, this issue seems to be resolved, therefore I'm closing it with
Rawhide

Note You need to log in before you can comment on or make changes to this bug.