Bug 132739 - SELinux interferes with authconfig (nscd)
SELinux interferes with authconfig (nscd)
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks: FC3Blocker FC3BugWeekQA
  Show dependency treegraph
 
Reported: 2004-09-16 11:32 EDT by Daniel Reed
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-30 01:16:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Daniel Reed 2004-09-16 11:32:13 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040809 Epiphany/1.3.8

Description of problem:
Stopping portmap:                                          [  OK  ]
Starting portmap: audit(1095348109.539:0): avc:  denied  { read write
} for  pid=4082 exe=/sbin/portmap name=tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
audit(1095348109.542:0): avc:  denied  { read write } for  pid=4082
exe=/sbin/portmap path=/dev/tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
                                                           [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
Stopping nscd: audit(1095348110.117:0): avc:  denied  { search } for 
pid=4119 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.124:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=mounts dev=proc ino=269942800
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.132:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]
Starting nscd: audit(1095348110.165:0): avc:  denied  { search } for 
pid=4124 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.176:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=mounts dev=proc ino=270270480
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.189:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.16-2

Steps to Reproduce:
1. Install FC3-re0915.2
2. Do not specify any network ident./auth. during firstboot
3. Run authconfig from console
4. Specify caching, NIS, and Kerberos
    

Actual Results:  Identity and authentication services do reconfigure
properly, but there is a large spew, and nscd fails to start.
Comment 1 Daniel Walsh 2004-09-21 16:48:56 EDT
Fixed in selinux-policy-targeted-1.17.19-2
Comment 3 Ulrich Drepper 2004-10-30 01:16:39 EDT
I certainly have nscd now running with the targeted policy.  Closing.

Note You need to log in before you can comment on or make changes to this bug.