Bug 1176022 - Can not start selinux sandbox
Summary: Can not start selinux sandbox
Keywords:
Status: CLOSED DUPLICATE of bug 1103622
Alias: None
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: 21
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-19 07:51 UTC by Marian Csontos
Modified: 2015-02-02 09:22 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-02-02 09:22:12 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Marian Csontos 2014-12-19 07:51:49 UTC
Description of problem:

time->Thu Dec 18 14:40:41 2014
type=PROCTITLE msg=audit(1418910041.134:405): proctitle=2F7573722F62696E2F586570687972002D726573697A6561626C65002D7469746C650053616E64626F782073616E64626F785F7765625F743A73303A633331302C63393139202D2D20202F7573722F62696E2F66697265666F7820002D7465726D696E617465002D73637265656E00313238307831303234002D647069003936
type=SYSCALL msg=audit(1418910041.134:405): arch=c000003e syscall=42 success=no exit=-13 a0=0 a1=7fff469cc5b0 a2=14 a3=106 items=0 ppid=1656 pid=1665 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="Xephyr" exe="/usr/bin/Xephyr" subj=unconfined_u:unconfined_r:sandbox_web_t:s0:c310,c919 key=(null)
type=AVC msg=audit(1418910041.134:405): avc:  denied  { connectto } for  pid=1665 comm="Xephyr" path=002F746D702F2E5831312D756E69782F5830 scontext=unconfined_u:unconfined_r:sandbox_web_t:s0:c310,c919 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0

Version-Release number of selected component (if applicable):
selinux-policy-sandbox-3.13.1-103.fc21.noarch
selinux-policy-targeted-3.13.1-103.fc21.noarch
selinux-policy-3.13.1-103.fc21.noarch
policycoreutils-2.3-7.1.fc21.x86_64
policycoreutils-python-2.3-7.1.fc21.x86_64
policycoreutils-sandbox-2.3-7.1.fc21.x86_64
xorg-x11-server-Xephyr-1.16.2.901-1.fc21.x86_64

How reproducible:
100% here

Steps to Reproduce:
1. try to run anything in a selinux-sandbox: sandbox -X -t sandbox_x_t xterm

Actual results:
Xephyr does not start

Expected results:
sandboxed application

Additional info:

Comment 1 Marian Csontos 2014-12-19 08:00:03 UTC
Two more things I wanted to add:

1. I upgraded from F20 (installed directly) to F21 using fedup --product=nonproduct.
2. tried restorecon already

Comment 2 Marian Csontos 2015-02-02 09:22:12 UTC

*** This bug has been marked as a duplicate of bug 1103622 ***


Note You need to log in before you can comment on or make changes to this bug.