Description of problem: gcj-dbtool can't run with SELinux = Enforcing Version-Release number of selected component (if applicable): $ getenforce Enforcing $ rpm -q selinux-policy selinux-policy-3.6.32-35.fc12.noarch $ rpm -qf `which gcj-dbtool` libgcj-4.4.2-7.fc12.x86_64 How reproducible: Always Steps to Reproduce: 1. yum install swing-layout Actual results: [... here I'm removing it; the result is the same ...] Erasing : swing-layout- 1.0.3-4.fc12.x86_64 /usr/bin/rebuild-gcj-db: line 6: /usr/bin/gcj-dbtool: Permission denied /usr/bin/rebuild-gcj-db: line 6: /usr/bin/gcj-dbtool: Permission denied dirname: missing operand Try `dirname --help' for more information. mkdir: missing operand Try `mkdir --help' for more information. /usr/bin/rebuild-gcj-db: line 13: /usr/bin/gcj-dbtool: Permission denied xargs: /usr/bin/gcj-dbtool: Permission denied /usr/bin/rebuild-gcj-db: line 6: /usr/bin/gcj-dbtool: Permission denied If I setenforce=0 and re-run the above transaction, I get no errors. Expected results: No errors Additional info: I'm running SELinux = enforcing See also: https://www.redhat.com/archives/fedora-test-list/2009-November/msg00040.html
I saw some rather similar messages when updating last night: Updating : libgcj-4.4.2-7.fc12.x86_64 16/220 /var/tmp/rpm-tmp.e4hq6h: line 3: /usr/bin/gij: Permission denied Updating : 1:openoffice.org-impress-core-3.1.1-19.14.fc12.x86 33/220 /usr/lib64/openoffice.org3/program/unopkg: line 85: /usr/lib64/openoffice.org3/program/../basis-link/ure-link/bin/javaldx: Permission denied Updating : 1:openoffice.org-presenter-screen-3.1.1-19.14.fc12 34/220 /usr/lib64/openoffice.org3/program/unopkg: line 85: /usr/lib64/openoffice.org3/program/../basis-link/ure-link/bin/javaldx: Permission denied /usr/lib64/openoffice.org/basis3.1/program/../ure-link/bin/uno: line 44: /usr/lib64/openoffice.org/basis3.1/program/../ure-link/bin/javaldx: Permission denied Updating : 1:openoffice.org-draw-core-3.1.1-19.14.fc12.x86_64 56/220 /usr/lib64/openoffice.org3/program/unopkg: line 85: /usr/lib64/openoffice.org3/program/../basis-link/ure-link/bin/javaldx: Permission denied Updating : 1:openoffice.org-pdfimport-3.1.1-19.14.fc12.x86_64 57/220 /usr/lib64/openoffice.org3/program/unopkg: line 85: /usr/lib64/openoffice.org3/program/../basis-link/ure-link/bin/javaldx: Permission denied /usr/lib64/openoffice.org/basis3.1/program/../ure-link/bin/uno: line 44: /usr/lib64/openoffice.org/basis3.1/program/../ure-link/bin/javaldx: Permission denied I notice that all the problematic commands seem to be Java-related... -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
There have been no libjava/gcc-java related changes in the last few months and from what I've seen reported gij is properly labeled with java_exec_t, so I bet this is a selinux policy issue.
despite what I said on the list (to assign this to the package with the problematic executables), on second thoughts I guess it's probably SELinux related...CCing Dan. Dan? -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
heh, jinx! -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
On F11 in F12 mock chroot latest gij shows: [pid 24810] statfs("/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 [pid 24810] open("/tmp/ffibvudJI", O_RDWR|O_CREAT|O_EXCL, 0600) = 8 [pid 24810] unlink("/tmp/ffibvudJI") = 0 [pid 24810] ftruncate(8, 4096) = 0 [pid 24810] mmap(NULL, 4096, PROT_READ|PROT_EXEC, MAP_SHARED, 8, 0) = 0x7f5733419000 [pid 24810] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 8, 0) = 0x7f5733418000 which looks correct. So, either something is wrong in the policy, or selinuxfs magic changed (or isn't mounted at /selinux).
I just tried both updates and I am seeing neither problem. rpm -q selinux-policy selinux-policy-3.6.32-38.fc12.noarch What policy are you trying this with?
I was on selinux-policy-3.6.32-35.fc12.noarch . Neither 36, 37 nor 38 has been tagged for F12 final, so none of them is in the F12 repos at present. If you think these builds should be in F12 final, you should file a tag request...ah, I see there's one for 37 - https://fedorahosted.org/rel-eng/ticket/2916 - but it hasn't been accepted yet. I've updated to 38, I'll stick some feedback on the tag request later. Would you expect this to have been broken in 35 and fixed by one of the changes since? -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
No, but I just wanted to see why it does not happen on my machine. yum reinstall swing-layout
[root@adam Fedora]# yum reinstall swing-layout Loaded plugins: dellsysidplugin2, fastestmirror, presto, refresh-packagekit Setting up Reinstall Process Loading mirror speeds from cached hostfile * rawhide: mirrors.tummy.com * rpmfusion-free-rawhide: mirrors.tummy.com * rpmfusion-nonfree-rawhide: mirrors.tummy.com No Match for argument: swing-layout Package(s) swing-layout available, but not installed. Nothing to do [root@adam Fedora]# rpm -q swing-layout package swing-layout is not installed -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Try yum install swing-layout
oh, sorry, now I see what you're trying to do, that was the OP's reproduction case. trying... that completed with no errors. I'm running selinux-policy -38 now, and I've rebooted since I had my problems with openoffice.org-related components (see my comment). -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle. Changing version to '12'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping