132739 – SELinux interferes with authconfig (nscd)

Bug 132739 - SELinux interferes with authconfig (nscd)

Summary: SELinux interferes with authconfig (nscd)

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FC3Blocker FC3BugWeekQA
TreeView+	depends on / blocked

Reported:	2004-09-16 15:32 UTC by Daniel Reed
Modified:	2007-11-30 22:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2004-10-30 05:16:39 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Daniel Reed 2004-09-16 15:32:13 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040809 Epiphany/1.3.8

Description of problem:
Stopping portmap:                                          [  OK  ]
Starting portmap: audit(1095348109.539:0): avc:  denied  { read write
} for  pid=4082 exe=/sbin/portmap name=tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
audit(1095348109.542:0): avc:  denied  { read write } for  pid=4082
exe=/sbin/portmap path=/dev/tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
                                                           [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
Stopping nscd: audit(1095348110.117:0): avc:  denied  { search } for 
pid=4119 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.124:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=mounts dev=proc ino=269942800
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.132:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]
Starting nscd: audit(1095348110.165:0): avc:  denied  { search } for 
pid=4124 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.176:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=mounts dev=proc ino=270270480
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.189:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.16-2

Steps to Reproduce:
1. Install FC3-re0915.2
2. Do not specify any network ident./auth. during firstboot
3. Run authconfig from console
4. Specify caching, NIS, and Kerberos
    

Actual Results:  Identity and authentication services do reconfigure
properly, but there is a large spew, and nscd fails to start.

Comment 1 Daniel Walsh 2004-09-21 20:48:56 UTC

Fixed in selinux-policy-targeted-1.17.19-2

Comment 3 Ulrich Drepper 2004-10-30 05:16:39 UTC

I certainly have nscd now running with the targeted policy.  Closing.

Note You need to log in before you can comment on or make changes to this bug.