Bug 171288 - up2date using console helper going from U1->U2 uses deprecated sysadm_r role
up2date using console helper going from U1->U2 uses deprecated sysadm_r role
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: Regression
Depends On:
Blocks: 168429
  Show dependency treegraph
 
Reported: 2005-10-20 09:35 EDT by Jeff Needle
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2006-0049
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-07 13:13:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeff Needle 2005-10-20 09:35:31 EDT
Description of problem:

Running up2date as a normal user will bring up consolehelper.  consolehelper
contains "ROLE=sysadm_r".  This has been removed in U2.  The result is that
scriplets fail when trying to restart services.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Run up2date on a U1 system as a regular user
2. Enter root password when consolehelper requests it
3. Wait and watch.
  
Actual results:
error: %postun(at-3.1.8-60.x86_64) scriptlet failed, exit status 126
error: %postun(dbus-0.22-12.EL.2.i386) scriptlet failed, exit status 126
error: %postun(dbus-0.22-12.EL.2.x86_64) scriptlet failed, exit status 126
error: %postun(iiimf-server-12.1-13.EL.x86_64) scriptlet failed, exit status
126/var/tmp/rpm-tmp.46816: /etc/rc.d/init.d/rpcidmapd: /bin/bash: bad
interpreter:Permission denied
/var/tmp/rpm-tmp.46816: /etc/rc.d/init.d/rpcgssd: /bin/bash: bad interpreter:
Permission denied
/var/tmp/rpm-tmp.46816: /etc/rc.d/init.d/rpcsvcgssd: /bin/bash: bad interpreter:
Permission denied
/var/tmp/rpm-tmp.46816: /etc/rc.d/init.d/nfs: /bin/sh: bad interpreter:
Permission denied
error: %postun(nfs-utils-1.0.6-46.x86_64) scriptlet failed, exit status 126
error: %postun(samba-3.0.10-1.4E.x86_64) scriptlet failed, exit status 126
error: %postun(vixie-cron-4.1-20_EL.x86_64) scriptlet failed, exit status 126
error: %postun(xinetd-2.3.13-4.4E.x86_64) scriptlet failed, exit status 126

and after: 

# ps -eZ | grep sysadm
root:sysadm_r:unconfined_t      29623 ?        00:00:00 rhnsd
root:sysadm_r:unconfined_t      18201 ?        00:00:00 sshd
root:sysadm_r:unconfined_t        405 ?        00:00:00 sshd


Expected results:
Joy, happiness, and world peace.  And properly restarted services.

Additional info:
dmesg and full up2date transcript available upon request, but this is pretty
straight forward.
Comment 1 Jeff Needle 2005-10-20 09:36:52 EDT
Above should read /etc/security/console.apps/up2date contains "ROLE=sysadm_r".
Comment 2 Daniel Walsh 2005-10-20 09:39:28 EDT
Added role sysadm_r types initrc_t which will allow rpm to run init scripts.

Policy update in -1.17.30-2.115
Comment 7 Red Hat Bugzilla 2006-03-07 13:13:06 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0049.html

Note You need to log in before you can comment on or make changes to this bug.