Bug 444656 - Strict selinux policy breaks setroubleshootd
Strict selinux policy breaks setroubleshootd
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-strict (Show other bugs)
5.1
noarch Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-29 15:35 EDT by Pat Riehecky
Modified: 2011-03-29 15:39 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-30 11:49:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
anaconda's crash information (414.78 KB, text/plain)
2011-03-29 15:39 EDT, IBM Bug Proxy
no flags Details

  None (edit)
Description Pat Riehecky 2008-04-29 15:35:54 EDT
Description of problem:
When switching to the strict selinux policy setroubleshootd is no longer functional

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-137.el5


How reproducible: 100%


Steps to Reproduce:
1. install strict policy
2. relable filesystem
3. try and launch setroubleshootd
  
Actual results:
Cannot launch: avc: denied { connectto } for comm="sealert" egid=0 euid=0
exe="/usr/bin/python" exit=0 fsgid=0 fsuid=0 gid=0 items=0
path="/var/run/setroubleshoot/setroubleshoot_server" pid=3616
scontext=root:sysadm_r:sysadm_t:s0-s0:c0.c1023 sgid=0
subj=root:sysadm_r:sysadm_t:s0-s0:c0.c1023 suid=0 tclass=unix_stream_socket
tcontext=system_u:system_r:setroubleshootd_t:s0 tty=(none) uid=0 

Expected results:
launching of setroubleshootd

Additional info:
Comment 1 Daniel Walsh 2008-04-30 08:36:17 EDT
Are you logging in as sysadm_r:sysadm_t via XWindows?  This is not considered
safe in strict policy.

Comment 2 Pat Riehecky 2008-04-30 09:34:56 EDT
That would explain that.
Comment 3 Pat Riehecky 2008-04-30 09:35:26 EDT
Hmmm... It won't let me mark it as "not a bug"
Comment 4 IBM Bug Proxy 2011-03-29 15:38:57 EDT
------- Comment From pc@us.ibm.com 2010-12-21 11:30 EDT-------
1.Server architecture(s) (please list all effected) (x86/POWER6/Z/etc.): only tried on POWER7
2.Server type (9117-MMA/HS20/s390/etc.): POWER7 blade 8406-71Y
3.General component (desktop/kernel/base OS/dev tools/etc.): anaconda
4.Other components involved (ixgbe/java/emulex/etc.): none
5.Does the server have the latest GA firmware? no (7.12 vs 7.15)
6.Has the problem been shown to occur on more than one system? no
7.Is a tested patch available? no
8.What is the latest official Red Hat build on which this bug has been seen? RHEL6 GA

------- Comment From  2011-01-03 03:15 EDT-------
Redhat,

Any updates?

Thanks
Muni

------- Comment From  2011-01-04 00:32 EDT-------
Redhat,

Below are the steps mostly due to which Anaconda exception occurs:

Install RHEL6 GA in graphics mode
Select Custom partitioning
Try to delete/add/modify the existing partitions. Exception occurs.

-Muni

------- Comment From pc@us.ibm.com 2011-02-07 16:50 EDT-------
(In reply to comment #16)
> What
> scenarios are you using when you see errors adding or modifying partitions?

It's been almost two months, so if the logs don't include the information you seek, I doubt my memory will be able to serve.  :-)  I usually allow the installer to create it's default layout, then I tweak it. I don't use LVM as a general rule, preferring raw ext3 (or ext4) partitions. I seem to recall in this case establishing a partition layout, then attempting to undo and redo it differently. I don't recall much more than that.

The logs show the anaconda crash, correct? Can you work backwards from that? Why did it crash, and how could that condition occur? (Just trying to help.)

------- Comment From  2011-02-21 03:08 EDT-------
Redhat,
Any updates on this issue?

Thanks
Muni

------- Comment From  2011-03-07 03:33 EDT-------
Redhat,
Did you get a chance to look into this issue? Any updates?

Thanks
Muni
Comment 5 IBM Bug Proxy 2011-03-29 15:39:05 EDT
Created attachment 488540 [details]
anaconda's crash information


------- Comment on attachment From pc@us.ibm.com 2010-12-09 11:10 EDT-------


---Problem Description---
anaconda crashed during installation while working on adding/deleting/editing partitions.
 
Contact Information = Paul Clarke <pc@us.ibm.com> 
 
---uname output---
?
 
Machine Type = POWER7 blade 8406-71Y 
 
---Debugger---
A debugger is not configured
 
---Steps to Reproduce---
 unsure, but I'll attach the debug file that anaconda provided post-crash
 
---Anaconda Component Data--- 
Userspace tool common name: anaconda 
 
The userspace tool has the following bit modes: ? 

Userspace rpm: anaconda 

Userspace tool obtained from project website:  na 
 
*Additional Instructions for Paul Clarke <pc@us.ibm.com>: 
-Post a private note with access information to the machine that the bug is occuring on.
-Attach ltrace and strace of userspace application.

Note You need to log in before you can comment on or make changes to this bug.