Bug 121735 - sudo fails to execute commands, appearing to clash with selinux policy
Summary: sudo fails to execute commands, appearing to clash with selinux policy
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: i686
OS: Linux
medium
high
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Ben Levenson
URL:
Whiteboard:
: 122160 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-04-26 22:10 UTC by Shawn M. Jones
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version: Fedora Core 3 Test 1
Clone Of:
Environment:
Last Closed: 2004-07-17 04:00:04 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Hardware Info, Output of lspci (9.20 KB, text/plain)
2004-04-26 22:14 UTC, Shawn M. Jones
no flags Details
Logfile (/var/log/messages) with plenty of messages (42.83 KB, text/plain)
2004-04-26 22:15 UTC, Shawn M. Jones
no flags Details

Description Shawn M. Jones 2004-04-26 22:10:44 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040304 Firefox/0.8

Description of problem:
For some reason sudo doesn't seem to function for me anymore.  My
account, "smj", is in the /etc/sudoers file, and this hasn't changed
since I upgraded from test2 to test 3.

What has changed is that I can't seem to do anything with sudo since I
upgraded the system.

Version-Release number of selected component (if applicable):
sudo-1.6.7p5-26

How reproducible:
Always

Steps to Reproduce:
1.  Login as a user in the /etc/sudoers file that has ALL=(ALL) ALL
access.
2.  Type sudo followed by any command of your choice.
3.  Enter your password, if necessary.
    

Actual Results:  The prompt returns the following:
sudo: unable to exec /usr/sbin/sesh: Permission denied

Within /var/log/messages, the following is returned:
Apr 26 18:15:25 shekhina kernel: audit(1083017725.655:0): avc:  denied
 { execute_no_trans } for  pid=1965 exe=/usr/bin/sudo
path=/usr/sbin/sesh dev=dm-2 ino=622886
scontext=user_u:user_r:user_sudo_t
tcontext=system_u:object_r:shell_exec_t tclass=file

Expected Results:  The command will be executed with the permissions
as granted in /etc/sudoers.

Additional info:

I'm still pretty new to Fedora Core 2 Test 3 and selinux.  The account
"smj" authenticates via NIS to a server running Debian 3.0.  This was
not a problem during Fedora Core 2 Test 2, so something in the upgrade
done this weekend changed sudo's behavior.

The line in /var/log/messages makes me think that it is related to the
selinux policy for the system.  If I'm using something incorrectly,
then forgive me, but it doesn't seem to work as advertised.

Comment 1 Shawn M. Jones 2004-04-26 22:14:14 UTC
Created attachment 99705 [details]
Hardware Info, Output of lspci

I doubt this is useful, but didn't want you to be without.

Comment 2 Shawn M. Jones 2004-04-26 22:15:59 UTC
Created attachment 99706 [details]
Logfile (/var/log/messages) with plenty of messages

This should be more useful, I hope.

Comment 3 Ben Levenson 2004-05-26 19:56:34 UTC
*** Bug 122160 has been marked as a duplicate of this bug. ***

Comment 4 Shawn M. Jones 2004-07-17 04:00:04 UTC
I'm closing this out as it appears to have been fixed by FC3 Test 1.


Note You need to log in before you can comment on or make changes to this bug.