Bug 197324 - semanage shows no output on text console
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: 5
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Keywords: Reopened
Reported: 2006-06-30 03:31 EDT by Tomasz Kepczynski
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2006-07-17 15:39:58 EDT
Description Tomasz Kepczynski 2006-06-30 03:31:59 EDT
Description of problem:
semanage shows no output on text console.

Version-Release number of selected component (if applicable):
policycoreutils-1.30.10-2.fc5 i386
selinux-policy-2.2.43-4.fc5 noarch
selinux-policy-targeted-2.2.43-4.fc5 noarch


How reproducible:
always

Steps to Reproduce:
1. Log in as root on a text console (tty1-tty6)
2. Issue "semanage port -l" (or any other command, including --help)

Actual results:
There is no output at all.

Expected results:
Command output as expected.

Additional info:
This works in Konsole under KDE.
ausearch -c semanage:
----
time->Fri Jun 30 09:36:08 2006
type=PATH msg=audit(1151652968.693:757): item=2 name=(null) inode=1083300
dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0
type=PATH msg=audit(1151652968.693:757): item=1 name=(null) inode=2555947
dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0
type=PATH msg=audit(1151652968.693:757): item=0 name="/usr/sbin/semanage"
inode=878768 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:semanage_exec_t:s0
type=CWD msg=audit(1151652968.693:757):  cwd="/root"
type=AVC_PATH msg=audit(1151652968.693:757):  path="/dev/tty1"
type=AVC_PATH msg=audit(1151652968.693:757):  path="/dev/tty1"
type=AVC_PATH msg=audit(1151652968.693:757):  path="/dev/tty1"
type=SYSCALL msg=audit(1151652968.693:757): arch=40000003 syscall=11 success=yes
exit=0 a0=98e1008 a1=98bf0a8 a2=98e3008 a3=98e1008 items=3 pid=13097 auid=0
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 comm="semanage"
exe="/bin/env" subj=root:system_r:semanage_t:s0-s0:c0.c255
type=AVC msg=audit(1151652968.693:757): avc:  denied  { use } for  pid=13097
comm="semanage" name="tty1" dev=tmpfs ino=1113
scontext=root:system_r:semanage_t:s0-s0:c0.c255
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c255 tclass=fd
type=AVC msg=audit(1151652968.693:757): avc:  denied  { use } for  pid=13097
comm="semanage" name="tty1" dev=tmpfs ino=1113
scontext=root:system_r:semanage_t:s0-s0:c0.c255
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c255 tclass=fd
type=AVC msg=audit(1151652968.693:757): avc:  denied  { use } for  pid=13097
comm="semanage" name="tty1" dev=tmpfs ino=1113
scontext=root:system_r:semanage_t:s0-s0:c0.c255
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c255 tclass=fd
Comment 1 Daniel Walsh 2006-07-11 14:31:57 EDT
This looks like a major labeling problem.  

When you log in you end up in local_login_t, which is a severe problem.

You need to relabel the system:

touch /.autorelabel
reboot
Comment 2 Tomasz Kepczynski 2006-07-11 15:52:16 EDT
Did that and the problem is still there.
Now for the context - id for root logged on tty1 returns this:

uid=0(root) gid=0(root)
grupy=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
context=root:system_r:unconfined_t:SystemLow-SystemHigh

So where is local_login_t then??

And for completeness:
geralt:~> ls -Z /usr/sbin/semanage
-rwxr-xr-x  root root system_u:object_r:semanage_exec_t /usr/sbin/semanage
geralt:~> ls -Z /sbin/mingetty
-rwxr-xr-x  root root system_u:object_r:getty_exec_t   /sbin/mingetty
geralt:~> ls -Z /bin/login
-rwxr-xr-x  root root system_u:object_r:login_exec_t   /bin/login
geralt:~> ls -Z /bin/tcsh
-rwxr-xr-x  root root system_u:object_r:shell_exec_t   /bin/tcsh

/bin/tcsh is root shell (changing this to /bin/bash does not help).

Now, as I see some references to tmpfs in ausearch output:
geralt:~> ls -Zd /tmp /dev/shm
drwxrwxrwt  root root system_u:object_r:tmpfs_t        /dev/shm
drwxrwxrwt  root root system_u:object_r:tmp_t          /tmp

What is different to any default is that /tmp is mounted
on tmpfs:
tmpfs on /tmp type tmpfs (rw,size=1G)
Comment 3 Daniel Walsh 2006-07-11 16:26:43 EDT
Yes, you are right; I have duplicated it here.

Fixed in selinux-policy-2.3.2-2
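
Added example (not part of the original report or of policycoreutils): a small Python parser that rejoins the wrapped audit records from the description's ausearch output and collapses the repeated AVC denials into the allow-rule form they correspond to. The function names are hypothetical. For class fd the target context is that of the process that opened the descriptor, which is why local_login_t appears even though the shell runs as unconfined_t.

```python
import re
from collections import Counter

# Records copied from the report's ausearch output, kept in their wrapped form.
SAMPLE = '''time->Fri Jun 30 09:36:08 2006
type=AVC_PATH msg=audit(1151652968.693:757):  path="/dev/tty1"
type=AVC msg=audit(1151652968.693:757): avc:  denied  { use } for  pid=13097
comm="semanage" name="tty1" dev=tmpfs ino=1113
scontext=root:system_r:semanage_t:s0-s0:c0.c255
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c255 tclass=fd
type=AVC msg=audit(1151652968.693:757): avc:  denied  { use } for  pid=13097
comm="semanage" name="tty1" dev=tmpfs ino=1113
scontext=root:system_r:semanage_t:s0-s0:c0.c255
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c255 tclass=fd
'''

def join_records(text):
    """Rejoin wrapped lines: a record starts at 'type=' and runs to the next one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "----" or line.startswith("time->"):
            continue  # blank lines and ausearch separators carry no record data
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse_avc(record):
    """Return the denial's fields, or None if the record is not an AVC denial."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", record)
    if not record.startswith("type=AVC ") or not m:
        return None
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', record))
    return {
        "perms": tuple(m.group(1).split()),
        "source": kv["scontext"].split(":")[2],  # type is the third context field
        "target": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
    }

def summarise(text):
    """Count identical denials, keyed by the allow-rule form they correspond to."""
    counts = Counter()
    for d in filter(None, map(parse_avc, join_records(text))):
        rule = f"allow {d['source']} {d['target']}:{d['tclass']} {{ {' '.join(d['perms'])} }};"
        counts[rule] += 1
    return counts
```

Calling `summarise(SAMPLE)` yields one rule string counted twice, which makes it easy to see that every denial in the event is the same semanage_t-to-local_login_t fd inheritance check.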
