Bug 132739 - SELinux interferes with authconfig (nscd)
Summary: SELinux interferes with authconfig (nscd)
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FC3Blocker FC3BugWeekQA
TreeView+ depends on / blocked
 
Reported: 2004-09-16 15:32 UTC by Daniel Reed
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-30 05:16:39 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Daniel Reed 2004-09-16 15:32:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040809 Epiphany/1.3.8

Description of problem:
Stopping portmap:                                          [  OK  ]
Starting portmap: audit(1095348109.539:0): avc:  denied  { read write
} for  pid=4082 exe=/sbin/portmap name=tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
audit(1095348109.542:0): avc:  denied  { read write } for  pid=4082
exe=/sbin/portmap path=/dev/tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
                                                           [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
Stopping nscd: audit(1095348110.117:0): avc:  denied  { search } for 
pid=4119 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.124:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=mounts dev=proc ino=269942800
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.132:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]
Starting nscd: audit(1095348110.165:0): avc:  denied  { search } for 
pid=4124 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.176:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=mounts dev=proc ino=270270480
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.189:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.16-2

Steps to Reproduce:
1. Install FC3-re0915.2
2. Do not specify any network ident./auth. during firstboot
3. Run authconfig from console
4. Specify caching, NIS, and Kerberos
    

Actual Results:  Identity and authentication services do reconfigure
properly, but there is a large spew, and nscd fails to start.

Comment 1 Daniel Walsh 2004-09-21 20:48:56 UTC
Fixed in selinux-policy-targeted-1.17.19-2


Comment 3 Ulrich Drepper 2004-10-30 05:16:39 UTC
I certainly have nscd now running with the targeted policy.  Closing.


Note You need to log in before you can comment on or make changes to this bug.