Bug 120854 - cannot run up2date as sysadm_r user (can as root)
Summary: cannot run up2date as sysadm_r user (can as root)
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: FC2Blocker
TreeView+ depends on / blocked
 
Reported: 2004-04-14 15:43 UTC by Gene Czarcinski
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-04-21 21:13:45 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Gene Czarcinski 2004-04-14 15:43:16 UTC
Description of problem:

I cannot run up2date from a sysadm_r user login.  I get the prompt for
the password but then it just quits.

policy = 1.11.2-1
up2date = 4.3.16-1

from /var/log/messages:

Apr 14 11:37:23 chaos kernel: audit(1081957043.719:0): avc:  denied  {
transition } for  pid=3104 exe=/usr/sbin/userhelper
path=/usr/sbin/up2date dev=hda7 ino=776821
scontext=czarcing:staff_r:userhelper_t
tcontext=czarcing:sysadm_r:rpm_t tclass=process

Comment 1 Daniel Walsh 2004-04-15 15:37:12 UTC
Fixed in rawhide policy-1.11.2-6

Comment 2 Gene Czarcinski 2004-04-15 17:15:23 UTC
Nope, still not working (with policy-1.11.2-6 applied):

Apr 15 13:19:02 chaos kernel: audit(1082049542.764:0): avc:  denied  {
transition } for  pid=3298 exe=/usr/sbin/userhelper
path=/usr/sbin/up2date dev=hda7 ino=776821
scontext=czarcing:sysadm_r:userhelper_t
tcontext=czarcing:sysadm_r:rpm_t tclass=process

Comment 3 Gene Czarcinski 2004-04-17 20:55:34 UTC
reverified still a problem with policy=1.11.2-9

Apr 17 16:53:09 chaos kernel: audit(1082235189.335:0): avc:  denied  {
transition } for  pid=23150 exe=/usr/sbin/userhelper
path=/usr/sbin/up2date dev=hda7 ino=776821
scontext=czarcing:sysadm_r:userhelper_t
tcontext=czarcing:sysadm_r:rpm_t tclass=process

Comment 4 Colin Walters 2004-04-21 21:13:45 UTC
Ok, should be fixed in the next policy upload (1.11.2-15).


Comment 5 Gene Czarcinski 2004-04-28 15:45:56 UTC
Verified fixed in FC2-T3 plus policy=1.11.2-18 and up2date=4.3.17


Note You need to log in before you can comment on or make changes to this bug.