Bug 165226 - SELinux blocks gserver mode of cvs
SELinux blocks gserver mode of cvs
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-05 12:43 EDT by Danny Padwa
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 1.25.3.12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-26 02:34:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Danny Padwa 2005-08-05 12:43:45 EDT
Description of problem:
cvs running in gserver mode needs to be able to read its credentials out 
of /etc/krb5.conf.   It can't.

Version-Release number of selected component (if applicable):
1.25.3-9

How reproducible:
Very

Steps to Reproduce:
1. Set up cvs gserver (or any other process that will run as 
system_u:system_r:cvs_t)
2. Try to connect to it.  This causes it to try to read /etc/krb5.keytab 
(system_u:object_r:krb5_keytab_t)
3. Watch it fail
  
Actual results:
Failure with an audit message

Expected results:
Success

Additional info:
Probably needs access to other kerberos-y things (like ability to make a 
network connection to the kdc) as well
Comment 1 Danny Padwa 2005-08-05 13:13:39 EDT
Winds up needing { read lock } to krb5_keytab_t:file, but then still doesn't 
work.

Failing when it tries to find .k5login file in the home directory (probably 
some generic kerberos server thing needed)

Failing when trying to do anything interesting in the CVS root - is there a 
special context set that should be applied to the CVSROOT and/or ,v files?
Comment 2 Daniel Walsh 2005-08-05 14:10:54 EDT
cvs_data_t
Comment 3 Daniel Walsh 2005-08-25 12:57:22 EDT
selinux-policy-targeted-1.25.3.12 fixed problem
Comment 4 Walter Justen 2005-08-26 02:34:57 EDT
Thanks for the bug report. This particular bug was fixed and a update package
was published for download. Please feel free to report any further bugs you find.

Note You need to log in before you can comment on or make changes to this bug.