Bug 243163 - eric: AVC denials
Summary: eric: AVC denials
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: eric
Version: 7
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Rex Dieter
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-07 16:48 UTC by Jerry James
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version: 3.9.2-3.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-27 21:50:53 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Jerry James 2007-06-07 16:48:14 UTC 
Description of problem:
When I tried to install eric on an F7 box, I got the following AVC denials:

avc: denied { create } for comm="semanage" dev=dm-0 egid=0 euid=0
exe="/usr/bin/python" exit=6 fsgid=0 fsuid=0 gid=0 items=0
name="sitecustomize.pyc" pid=19082 scontext=system_u:system_r:semanage_t:s0
sgid=0 subj=system_u:system_r:semanage_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=0 

avc: denied { write } for comm="semanage" dev=dm-0 egid=0 euid=0
exe="/usr/bin/python" exit=224 fsgid=0 fsuid=0 gid=0 items=0
name="sitecustomize.pyc"
path="/usr/lib/python2.5/site-packages/sitecustomize.pyc" pid=19082
scontext=system_u:system_r:semanage_t:s0 sgid=0
subj=system_u:system_r:semanage_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:lib_t:s0 tty=(none) uid=0 

I suspect this is the real problem:

[root@localhost ~]# rpm -qf /usr/lib/python2.5/site-packages/sitecustomize.py
eric-3.9.2-2.fc7.1
[root@localhost ~]# rpm -qf /usr/lib/python2.5/site-packages/sitecustomize.pyo
eric-3.9.2-2.fc7.1
[root@localhost ~]# rpm -qf /usr/lib/python2.5/site-packages/sitecustomize.pyc
file /usr/lib/python2.5/site-packages/sitecustomize.pyc is not owned by any package

Version-Release number of selected component (if applicable):
eric-3.9.2-2.fc7.1

How reproducible:
Always

Steps to Reproduce:
1. Install eric with yum
  
Actual results:
The AVC denials given above are issued.

Expected results:
There should be no AVC denials.

Additional info:
Comment 1 Rex Dieter 2007-06-07 16:59:11 UTC 
Did you run eric as root (ever)?
Comment 2 Jerry James 2007-06-08 17:33:50 UTC 
No.  This happened at yum install time.  In fact, I haven't run eric as an
ordinary user yet, either.
Comment 3 Rex Dieter 2007-06-08 17:41:34 UTC 
WORKSFORME, /usr/lib/python2.5/site-packages/sitecustomize.pyc doesn't exist nor
is created on my f7 box.

I don't know how it got there, but I'd recommend:
rm -f /usr/lib/python2.5/site-packages/sitecustomize.pyc
Comment 4 Rex Dieter 2007-06-19 19:59:23 UTC 
marking WORKSFORME (for now).  
Please re-open if you can reproduce.
Comment 5 Rex Dieter 2007-08-27 13:25:21 UTC 
see also #254421
Comment 6 Rex Dieter 2007-08-27 13:31:51 UTC 
* Mon Aug 27 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 3.9.2-3
...
- don't set PYTHONOPTIMIZE, let brp-python-bytecompile do it's job,
  addresses selinux issues (#243163, #254421)
Comment 7 Fedora Update System 2007-08-27 21:50:20 UTC 
eric-3.9.2-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.