Bug 150850 - nscd won't start: avc: denied { read write } ... name=passwd
nscd won't start: avc: denied { read write } ... name=passwd
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-11 07:07 EST by Peter Bieringer
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-14 06:47:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Bieringer 2005-03-11 07:07:05 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1

Description of problem:
nscd won't start after enabling and active selinux

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.52.1

How reproducible:
Always

Steps to Reproduce:
1. install RHEL4
2. chkconfig nscd on
3. reboot
  

Actual Results:  Starting nscd: [  OK  ]
audit(1110542462.415:0): avc:  denied  { read write } for  pid=1620 exe=/usr/sbi
n/nscd name=passwd dev=md1 ino=465037 scontext=user_u:system_r:nscd_t tcontext=s
ystem_u:object_r:file_t tclass=file

# ps ax |grep nscd
 2247 ttyS0    S+     0:00 grep nscd

# reboot
...
Stopping nscd: [FAILED]
...
Starting killall:  Stopping nscd: [FAILED]
[FAILED]


Expected Results:  Proper start like on selinux disabled:

Starting nscd: [  OK  ]

# ps ax |grep nscd
 1616 ?        Ssl    0:00 /usr/sbin/nscd
 2237 ttyS0    S+     0:00 grep nscd


Additional info:
Comment 1 Daniel Walsh 2005-03-11 15:12:32 EST
This looks like a machine that was not installed with SELinux enabled and
someone enabled it.  If you want to run with SELinux you will need to relable.
You can do this by entering the following command.


touch /.autorelabel
reboot
Comment 2 Peter Bieringer 2005-03-14 06:47:27 EST
Strange, I've installed with SELinux enabled, but had already done relabeling
after moving /var/log to a different partition (after installing).

Now I relabled again and the failure is suddenly gone.

Note You need to log in before you can comment on or make changes to this bug.