Bug 119581 - screen reports Permission denied
Summary: screen reports Permission denied
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: screen
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Reed
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks: 122683
TreeView+ depends on / blocked
 
Reported: 2004-03-31 15:47 UTC by Gregory Gulik
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-11-06 18:17:04 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
SELinux audit2allow output (what screen can't access) (300 bytes, text/plain)
2004-04-01 22:49 UTC, Lon Hohberger 		no flags Details
View All

Description Gregory Gulik 2004-03-31 15:47:50 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040124

Description of problem:
When running the screen program as a regular user I get the following
error:
[greg@dell8100 greg]$ screen
Cannot make directory '/tmp/uscreens': Permission denied

Version-Release number of selected component (if applicable):
screen-4.14-3

How reproducible:
Always

Steps to Reproduce:
1. Log in
2. Open Terminal
3. Type "screen"
    

Actual Results:  [greg@dell8100 greg]$ screen
Cannot make directory '/tmp/uscreens': Permission denied

Expected Results:  Screen should start up.

Additional info:

Does not run as "root" either.
Comment 1 Daniel Reed 2004-04-01 21:24:28 UTC 
Please paste the output of: rpm -q --whatprovides `which screen`

There is no upstream version 4.14, nor am I seeing anything tagged as
4.14-3 internally. Also, our screen package should be using ~/.screen/
for its socket directory, not /tmp/uscreens/.
Comment 2 Gregory Gulik 2004-04-01 21:33:56 UTC 
Sorry, the version number was a typo.  Here is the correct information:

[greg@dell8100 greg]$ rpm -q --whatprovides `which screen`
screen-4.0.1-4
[greg@dell8100 greg]$ uname -a
Linux dell8100 2.6.3-2.1.253.2.1 #1 Fri Mar 12 14:01:55 EST 2004 i686
i686 i386 GNU/Linux
[greg@dell8100 greg]$ screen
Cannot make directory '/tmp/screens': Permission denied

This was a fresh install on a spare hard drive.
Comment 3 Lon Hohberger 2004-04-01 22:49:23 UTC 
Created attachment 99054 [details]
SELinux audit2allow output (what screen can't access)

This appears to be a policy issue with SELinux.  For now, you can type (as
root:sysadm_r:sysadm_t): "setenforce 0" to get screen running.
Comment 4 Lon Hohberger 2004-04-01 22:49:54 UTC 
Obvious note: ignore xdm_t line.
Comment 5 Tim Waugh 2004-04-03 11:12:04 UTC 
Adding 'tmp_domain($1_screen)' to macros/program/screen_macros.te gets
further:

$ screen
audit(1080990982.120:0): avc:  denied  { read } for  pid=3266
exe=/usr/bin/screen name=xterm dev=hdb1 ino=1171500
scontext=user_u:user_r:user_screen_t tcontext=system_u:object_r:usr_t
tclass=file
Cannot find terminfo entry for 'xterm'.

Perhaps this is /usr/share/terminfo/x/xterm?
Comment 6 Tim Waugh 2004-04-03 11:16:10 UTC 
Adding 'allow $1_screen_t usr_t:file { read };' to
macros/program/screen_macros.te fixes this, and makes screen start up
with no problems.

Don't know if terminfo files should have any special file contexts.
Comment 7 Daniel Walsh 2004-04-03 13:09:36 UTC 
Added fixes in policy-1.9.2-10.

Lon lets sit down on Monday and work our way through the rest of these.


Dan
Comment 8 Daniel Reed 2004-11-06 18:17:04 UTC 
Please reopen if you are still having difficulties. Thanks.
Note You need to log in before you can comment on or make changes to this bug.