209649 – ybin fails with "Failed to initialize HFS working directories: Permission denied"

Bug 209649 - ybin fails with "Failed to initialize HFS working directories: Permission denied"

Summary: ybin fails with "Failed to initialize HFS working directories: Permission den...

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	rawhide
Hardware:	powerpc
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-10-06 17:06 UTC by Will Woods
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-10-06 22:33:44 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Will Woods 2006-10-06 17:06:54 UTC

+++ This bug was initially created as a clone of Bug #201414 +++
(See that bug for more details)

With today's tree (20061006), ybin fails when trying to update the bootloader
configuration on Apple hardware. 

audit(1160152655.772:5): avc:  denied  { write } for  pid=20949 comm="hmount"
name=".hcwd" dev=hda3 ino=18 scontext=root:system_r:bootloader_t:s0-s0:c0.c1023
tcontext=system_u:object_r:boot_runtime_t:s0 tclass=file

ybin is a shell script which calls hmount; hmount tries to write a state file.
Normally it tries to write to $HOME/.hcwd but writing to /root should not be
allowed by policy. 

ybin was patched to falsify $HOME, causing hmount to write to /boot/.hcwd
instead. The targeted policy is disallowing this.

This breaks kernel updates (and our installer testing) on Apple ppc hardware.

Comment 1 Will Woods 2006-10-06 22:33:44 UTC

Should be fixed with selinux-policy-2.3.18-7. Will reopen if problem persists.

Note You need to log in before you can comment on or make changes to this bug.