241497 – f7-rc2 fresh install - audit messages

Bug 241497 - f7-rc2 fresh install - audit messages

Summary: f7-rc2 fresh install - audit messages

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	policycoreutils
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	241613 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-05-26 20:01 UTC by Darwin H. Webb
Modified:	2008-01-21 15:52 UTC (History)
CC List:	1 user (show)
Fixed In Version:	Current
Clone Of:
Environment:
Last Closed:	2008-01-21 15:52:07 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
audit messages-file (5.71 KB, text/plain) 2007-05-26 20:01 UTC, Darwin H. Webb	no flags	Details
View All

Description Darwin H. Webb 2007-05-26 20:01:58 UTC

Description of problem:
While creating a printer (Windows shared printer) cups triggers SETroubleshoot
with default_t

avc: denied { search } for comm="python" dev=dm-0 egid=7 euid=0
exe="/usr/bin/python" exit=-13 fsgid=7 fsuid=0 gid=7 items=0 name="root"
pid=3255 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=0 tclass=dir
tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0 

Also there are some denials for rhgb during first boot - along with bluetooth
and smartd. Attached file from messages.


Version-Release number of selected component (if applicable):
selinux-policy-2.6.4-8.fc7

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Darwin H. Webb 2007-05-26 20:01:58 UTC

Created attachment 155506 [details]
audit messages-file

Comment 2 Daniel Walsh 2007-05-29 15:08:50 UTC

This looks like a problem with anaconda/install not labeling /root correctly.

Comment 3 Chris Lumens 2007-05-31 14:49:12 UTC

*** Bug 241613 has been marked as a duplicate of this bug. ***

Comment 4 Chris Lumens 2007-05-31 21:15:19 UTC

As discussed in the office - looks like genhomedircon needs to write out policy
for users if it can't tell if selinux is enabled or not (line 266, in
getHomeDirContext).

Comment 5 Daniel Walsh 2007-06-01 14:38:18 UTC

Fixed in 
policycoreutils-2.0.19-2.fc8
policycoreutils-2.0.16-4.fc7

Also selinux-policy-2.6.4-12.fc7  will trigger relabel of /root.

Comment 6 Darwin H. Webb 2007-06-02 06:39:29 UTC

selinux-policy-2.6.4-12.fc7 - This or tageted pakage got /temp/tmprpm segfault
at line 14 no jodcontrol FG
This has happened several times on the selinux package.

Policycoreutils is not available

Finally, all of these are in updates-testing and most would never know they exit.
I didn't know until you said here because I usually look in the rep structure of
a mirror but none I can get to have an updates testing for fc7 or it is empty.

I know it is early in the release but but can these ealy updates be tested on
the fedora side and released earlier.
Beciase something is causing erros in f7 and it needs to be found. My user space
bombs off fairly oftem back to the log on screen.
Fx is the key program and so what ever it is using is not right.

Also, did you get all those cups errors for /tmp/smbspool fixed? It is on
another bug.

That's been going on since fc6 and blocks smb windows shred printed.
The cups guy says it selinux and cifs but I say it Fedora.

Darwin

Comment 7 Daniel Walsh 2007-06-04 15:31:22 UTC

Fixed will be in selinux-policy-2.6.4-13

What is the bugzilla number of the smbspool problem?

Comment 8 Darwin H. Webb 2007-06-04 18:21:54 UTC

The smbspool bug # is 199631

thank you,

Darwin

Note You need to log in before you can comment on or make changes to this bug.