Bug 163303 - vipw/vigr fails to detect terminal
vipw/vigr fails to detect terminal
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
All Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
:
: 162844 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-14 18:05 EDT by Ignacio Vazquez-Abrams
Modified: 2007-11-30 17:11 EST (History)
4 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-27 16:37:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ignacio Vazquez-Abrams 2005-07-14 18:05:53 EDT
When running vipw/vigr as root in a terminal the following appears:

Vim: Warning: Output is not to a terminal
Vim: Warning: Input is not from a terminal

Keypresses appear "raw" instead of showing their normal effect. They do still
appear to work though, although the only thing I really tried in that state was
":q!".
Comment 1 Tomasz Ostrowski 2005-07-26 03:04:45 EDT
If the editor is other than vi then it is impossible to get out of it - I use
joe and I'm not able to CTRL-C out of it - I have to kill it from another
console. In single user mode I'd have to reset the system.
Comment 2 Ignacio Vazquez-Abrams 2005-07-28 03:12:49 EDT
It seems that something got updated in the meantime that fixed the problem. I'll
look into it a little more.
Comment 3 Charles C. Van Tilburg 2005-07-28 09:42:19 EDT
bug 162844 also deals with this... FC4

selinux seems to be involved...
Comment 4 Charles C. Van Tilburg 2005-07-28 09:46:36 EDT
setenforce 0 causes vipw to work just fine...
Comment 5 Tomasz Ostrowski 2005-07-28 10:52:34 EDT
A better workaround than turning off selinux (when using targeted policy):

1. Install selinux-policy-targeted-sources package:
yum install selinux-policy-targeted-sources

2. Add a line:
allow sysadm_passwd_t devpts_t:chr_file ioctl;
to /etc/selinux/targeted/src/policy/domains/misc/local.te

3. make -C /etc/selinux/targeted/src/policy reload

I think "component" for this bug should be changed to selinux-policy-targeted
and the bug assigned to Daniel Walsh - policy maintainer.
Comment 6 Charles C. Van Tilburg 2005-07-28 11:01:41 EDT
well, of course you should turn it back on after...
Comment 7 Karel Zak 2005-07-28 11:26:53 EDT
*** Bug 162844 has been marked as a duplicate of this bug. ***
Comment 9 Charles C. Van Tilburg 2005-07-28 11:39:46 EDT
actually, 162844 was first...
Comment 10 Daniel Walsh 2005-07-28 12:45:17 EDT
Fixed in selinux-policy-targetd-1.25.3-9
Comment 11 John Villalovos 2005-08-08 00:25:42 EDT
I don't know if the "fix" broke it for me.  But vipw does NOT work at all if I
login on the text console.  No error message is displayed, I just return back to
the command prompt.

vipw works if I SSH in using PuTTY.
vipw works if I run X Windows and start a terminal.

With the text console, when I run vipw, I get the following in
/var/log/audit/audit.log

type=AVC msg=audit(1123474668.338:12872868): avc:  denied  { search } for 
pid=20917 comm="vim" name="sys" dev=proc ino=-268435431
scontext=root:system_r:sysadm_passwd_t tcontext=system_u:object_r:sysctl_t
tclass=dir
type=SYSCALL msg=audit(1123474668.338:12872868): arch=40000003 syscall=5
success=no exit=-13 a0=d11170 a1=0 a2=bfbd6c60 a3=0 items=1 pid=20917 auid=0
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="vim"
exe="/usr/bin/vim"
type=CWD msg=audit(1123474668.338:12872868):  cwd="/etc"
type=PATH msg=audit(1123474668.338:12872868): item=0
name="/proc/sys/kernel/version" flags=101  inode=4026531865 dev=00:03
mode=040555 ouid=0 ogid=0 rdev=00:00

I'm pretty sure that vipw was working before with the text console, since that
is primarily what I use on the system.

Also here is an strace dump of the failed vipw:

execve("/usr/sbin/vipw", ["vipw"], [/* 20 vars */]) = 0
brk(0)                                  = 0x9b37000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f15000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=45866, ...}) = 0
old_mmap(NULL, 45866, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f09000
close(3)                                = 0
open("/lib/libselinux.so.1", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\225"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=68864, ...}) = 0
old_mmap(0xb67000, 68592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0xb67000
old_mmap(0xb77000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0xb77000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\n\317\272"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1489572, ...}) = 0
old_mmap(0xb98000, 1219548, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb98000
old_mmap(0xcbc000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x124000) = 0xcbc000
old_mmap(0xcc0000, 7132, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcc0000
close(3)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f08000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f086c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0xcbc000, 8192, PROT_READ)     = 0
mprotect(0xb94000, 4096, PROT_READ)     = 0
munmap(0xb7f09000, 45866)               = 0
access("/etc/selinux/", F_OK)           = 0
brk(0)                                  = 0x9b37000
brk(0x9b58000)                          = 0x9b58000
open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f14000
read(3, "rootfs / rootfs rw 0 0\n/dev /dev"..., 1024) = 520
close(3)                                = 0
munmap(0xb7f14000, 4096)                = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=48520880, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d08000
close(3)                                = 0
setrlimit(RLIMIT_CPU, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_FSIZE, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_STACK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_DATA, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_RSS, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=0}) = 0
rt_sigaction(SIGALRM, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGHUP, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN}, {SIG_DFL}, 8) = 0
umask(0)                                = 022
open("/etc/ptmptmp", O_WRONLY|O_CREAT|O_LARGEFILE, 0600) = 3
link("/etc/ptmptmp", "/etc/ptmp")       = 0
unlink("/etc/ptmptmp")                  = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE) = 4
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 8192) = 2589
write(3, "root:x:0:0:root:/root:/bin/bash\n"..., 2589) = 2589
read(4, "", 8192)                       = 0
close(4)                                = 0
close(3)                                = 0
stat64("/etc/ptmp", {st_mode=S_IFREG|0600, st_size=2589, ...}) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7f08708) = 19217
waitpid(19217, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], WSTOPPED) = 19217
--- SIGCHLD (Child exited) @ 0 (0) ---
write(2, "vipw: ", 6)                   = 6
write(2, "vim: ", 5)                    = 5
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7d07000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2528
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb7d07000, 4096)                = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT
(No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT
(No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such
file or directory)
write(2, "Permission denied\n", 18)     = 18
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT
(No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1
ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No
such file or directory)
write(2, "vipw: /etc/passwd unchanged\n", 28) = 28
unlink("/etc/ptmp")                     = 0
exit_group(1)                           = ?

Note You need to log in before you can comment on or make changes to this bug.