Bug 635530 - unable to login as non-root user with selinux enabled
unable to login as non-root user with selinux enabled
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: libselinux (Show other bugs)
12
x86_64 Linux
low Severity urgent
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-20 01:36 EDT by Lakshmipathi
Modified: 2010-12-03 07:25 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-03 07:25:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Lakshmipathi 2010-09-20 01:36:29 EDT
Description of problem:
I'm unable to login as non-root user with selinux enabled. Selinux worked fine for few days . I'm not sure what caused this issue.
Version-Release number of selected component (if applicable):
# rpm -qa | grep selinux
libselinux-utils-2.0.87-1.fc12.x86_64
selinux-policy-targeted-3.6.32-59.fc12.noarch
selinux-policy-3.6.32-59.fc12.noarch
libselinux-python-2.0.87-1.fc12.x86_64
libselinux-devel-2.0.87-1.fc12.x86_64
libselinux-2.0.87-1.fc12.x86_64


How reproducible:
I don't know , Selinux worked for me fine ..but suddenly it happens  . I have log files details below.

Steps to Reproduce:
1.login as non-root with selinux enabled.
2.
3.
  
Actual results:
unable to login as non-root 
Expected results:
normal user login should be allowed

Additional info:
first i tried to login as normal user "laks" - it failed .then i logged in as "root". here is the log :

type=USER_AUTH msg=audit(1284960128.636:173): user pid=2701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="laks" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_ACCT msg=audit(1284960128.638:174): user pid=2701 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="laks" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=LOGIN msg=audit(1284960128.638:175): login pid=2701 uid=0 old auid=4294967295 new auid=500 old ses=4294967295 new ses=6
type=ANOM_ABEND msg=audit(1284960128.639:176): auid=500 uid=0 gid=0 ses=6 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 pid=2701 comm="login" sig=11
type=USER_AUTH msg=audit(1284960133.358:177): user pid=2706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_ACCT msg=audit(1284960133.360:178): user pid=2706 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=LOGIN msg=audit(1284960133.360:179): login pid=2706 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=7
type=USER_ROLE_CHANGE msg=audit(1284960133.377:180): user pid=2706 uid=0 auid=0 ses=7 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023: exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_START msg=audit(1284960133.452:181): user pid=2706 uid=0 auid=0 ses=7 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=CRED_ACQ msg=audit(1284960133.453:182): user pid=2706 uid=0 auid=0 ses=7 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_LOGIN msg=audit(1284960133.454:183): user pid=2706 uid=0 auid=0 ses=7 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
Comment 1 Lakshmipathi 2010-09-21 02:00:29 EDT
here is my /var/log/messages  - 

Sep 21 11:17:40 localhost kernel: login[2196]: segfault at 10 ip 0000003c00a13f29 sp 00007fff38783490 error 4 in libselinux.so.1[3c00a00000+1c000]
Sep 21 11:17:41 localhost abrtd: Directory 'ccpp-1285048061-2196' creation detected
Sep 21 11:17:41 localhost abrt: saved core dump of pid 2196 to /var/cache/abrt/ccpp-1285048061-2196/coredump (1081344 bytes)
Sep 21 11:17:41 localhost init: tty3 main process (2196) terminated with status 11
Sep 21 11:17:41 localhost init: tty3 main process ended, respawning
Sep 21 11:17:43 localhost abrtd: Getting local universal unique identification...
Sep 21 11:17:44 localhost abrtd: Crash is in database already
Sep 21 11:17:44 localhost abrtd: Already saved crash, just sending dbus signal


it says something crashed.
Comment 2 Miroslav Grepl 2010-09-21 06:19:12 EDT
Could you update to the latest selinux-policy

# yum update selinux-policy-targeted

and then try to edit /etc/selinux/config and change the field

SELINUX=enforcing

to

SELINUX=permissive

After that try to login and run

ausearch -m avc -ts recent
Comment 3 Lakshmipathi 2010-09-21 07:09:01 EDT
no.that didn't work. I upgraded and rebooted the machine in permissive mode.
It didn't allow me to login as normal-user. ausearch output
----
time->Tue Sep 21 16:28:15 2010
type=SYSCALL msg=audit(1285066695.839:7): arch=c000003e syscall=59 success=yes exit=0 a0=fd8088 a1=fd6130 a2=7fffe84da618 a3=7fffe84d8dc0 items=0 ppid=2169 pid=2175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables-multi" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1285066695.839:7): avc:  denied  { read write } for  pid=2175 comm="iptables" path="socket:[18593]" dev=sockfs ino=18593 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=netlink_route_socket


but in audit.log i find something like above
 
type=USER_AUTH msg=audit(1285066703.141:8): user pid=2259 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="laks" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_ACCT msg=audit(1285066703.143:9): user pid=2259 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="laks" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=LOGIN msg=audit(1285066703.144:10): login pid=2259 uid=0 old auid=4294967295 new auid=500 old ses=4294967295 new ses=1
--->type=ANOM_ABEND msg=audit(1285066703.190:11): auid=500 uid=0 gid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 pid=2259 comm="login" sig=11


but for root users 

type=USER_AUTH msg=audit(1285066708.094:12): user pid=2299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_ACCT msg=audit(1285066708.096:13): user pid=2299 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=LOGIN msg=audit(1285066708.096:14): login pid=2299 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2
type=USER_ROLE_CHANGE msg=audit(1285066708.209:15): user pid=2299 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023: exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_START msg=audit(1285066708.321:16): user pid=2299 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=CRED_ACQ msg=audit(1285066708.322:17): user pid=2299 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_LOGIN msg=audit(1285066708.322:18): user pid=2299 uid=0 auid=0 ses=2 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=login id=0 exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=USER_ACCT msg=audit(1285066801.588:19): user pid=2381 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_ACCT msg=audit(1285066801.588:20): user pid=2382 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1285066801.589:21): user pid=2382 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1285066801.590:22): login pid=2382 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=3
type=CRED_ACQ msg=audit(1285066801.590:23): user pid=2381 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1285066801.590:24): login pid=2381 uid=0 old auid=4294967295 new auid=491 old ses=4294967295 new ses=4
type=USER_START msg=audit(1285066801.591:25): user pid=2381 uid=0 auid=491 ses=4 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="munin" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_START msg=audit(1285066801.592:26): user pid=2382 uid=0 auid=0 ses=3 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'

--------
i suspect this is the error part

type=ANOM_ABEND msg=audit(1285066703.190:11): auid=500 uid=0 gid=0 ses=1 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 pid=2259 comm="login" sig=11
Comment 4 Daniel Walsh 2010-09-22 17:04:39 EDT
If you are not allowed to login as a normal user in permissive mode then it probably is not an SELinux issue.  Take a look in /var/log/secure to see if it is reporting any problems.  I think you might have a pam issue.
Comment 5 Lakshmipathi 2010-09-23 01:28:35 EDT
(In reply to comment #4)
> If you are not allowed to login as a normal user in permissive mode then it
> probably is not an SELinux issue.  Take a look in /var/log/secure to see if it
> is reporting any problems.  I think you might have a pam issue.

Ok.i edited /etc/selinux/config as permissive  and reboot the machine.
#>/var/log/secure
#>/var/log/messages
#>/var/log/audit/audit.log

tried to login as  normal user - and checked above files -
#cat /var/log/secure  --> its empty

=============
#cat /var/log/messages 
Sep 23 10:46:37 localhost kernel: login[2445]: segfault at 10 ip 0000003c00a13f29 sp 00007fff9874efa0 error 4 in libselinux.so.1[3c00a00000+1c000]
Sep 23 10:46:37 localhost abrtd: Directory 'ccpp-1285218997-2445' creation detected
Sep 23 10:46:37 localhost init: tty3 main process (2445) terminated with status 11
Sep 23 10:46:37 localhost init: tty3 main process ended, respawning
Sep 23 10:46:37 localhost abrt: saved core dump of pid 2445 to /var/cache/abrt/ccpp-1285218997-2445/coredump (1081344 bytes)
Sep 23 10:46:37 localhost abrtd: Getting local universal unique identification...
Sep 23 10:46:37 localhost abrtd: Crash is in database already
Sep 23 10:46:37 localhost abrtd: Already saved crash, just sending dbus signal
=============
# cat audit.log 
type=USER_AUTH msg=audit(1285218997.402:55): user pid=2445 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="laks" exe="/bin/login" hostname=? addr=? terminal=tty3 res=success'
type=USER_ACCT msg=audit(1285218997.405:56): user pid=2445 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="laks" exe="/bin/login" hostname=? addr=? terminal=tty3 res=success'
type=LOGIN msg=audit(1285218997.405:57): login pid=2445 uid=0 old auid=4294967295 new auid=500 old ses=4294967295 new ses=6
type=ANOM_ABEND msg=audit(1285218997.405:58): auid=500 uid=0 gid=0 ses=6 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 pid=2445 comm="login" sig=11
=============

I can login with selinux disabled.here is  pam config file -

# cat /etc/pam.d/login 
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
#auth       required     pam_deny.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
-session   optional     pam_ck_connector.so
auth       optional 	pam_mount.so try_first_pass
#session	   optional	pam_mount.so try_first_pass
session    required 	pam_limits.so
auth     required       pam_tally2.so deny=4 even_deny_root unlock_time=120
Comment 6 Daniel Walsh 2010-09-23 09:26:50 EDT
So you can not login in permissive mode, but can log in in disabled mode?
No AVC messages when logging in and login program segfaults in permissive mode.
Comment 7 Lakshmipathi 2010-09-23 09:45:24 EDT
(In reply to comment #6)
> So you can not login in permissive mode, but can log in in disabled mode?
> No AVC messages when logging in and login program segfaults in permissive mode.

Yes,thats my issue.
Comment 8 Daniel Walsh 2010-09-23 15:39:26 EDT
Can you login via sshd?  Can you get onto the machine via some other mechanism to look at the label of the login program?

ps -eZ | grep login

Out of curiosity can you run

yum reinstall selinux-policy-targeted

And see if it generates any errors?
Comment 9 Lakshmipathi 2010-09-24 00:35:32 EDT
(In reply to comment #8)
> Can you login via sshd?  
No , It says "Connection closed by <ipaddress>"
> Out of curiosity can you run
> 
> yum reinstall selinux-policy-targeted
> 
> And see if it generates any errors?

Yes- I can see few errors - 
-----
selinux-policy-targeted-3.6.32-121.fc12.noarch.rpm       | 2.1 MB     00:09     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : selinux-policy-targeted-3.6.32-121.fc12.noarch           1/1 
libsemanage.get_users: user mi2 not in password file
libsemanage.get_users: user mi4 not in password file
******************

Installed:
  selinux-policy-targeted.noarch 0:3.6.32-121.fc12                              

Complete!
-----
I have deleted these two users after assigning selinux context - is that creating issue? Here is my semanage -l output

# semanage  login -l

Login Name                SELinux User              MLS/MCS Range            

%mi2                      guest_u                   s0                       
%mi4                      guest_u                   s0                       
__default__               unconfined_u              s0-s0:c0.c1023           
mi2                       guest_u                   s0                       
mi4                       user_u                    s0                       
root                      unconfined_u              s0-s0:c0.c1023           
system_u                  system_u                  s0-s0:c0.c1023           
useruuser                 user_u                    s0
Comment 10 Daniel Walsh 2010-09-24 09:16:17 EDT
Maybe.  This might be confusing the login programs.
Comment 11 Daniel Walsh 2010-09-24 09:18:10 EDT
Can you just edit the seusers file by hand. and remove all mi2 and mi4 references and see if you can login?

If yes then the bug is in either pam_selinux or libselinux.
Comment 12 Lakshmipathi 2010-09-24 09:52:43 EDT
(In reply to comment #11)
> Can you just edit the seusers file by hand. and remove all mi2 and mi4
> references and see if you can login?
> 
> If yes then the bug is in either pam_selinux or libselinux.

I edited /etc/selinux/targeted/seusers and removed those login lines and set selinux to permissive mode. reboot but still semanage login -l shows those login names(mi2 .mi4) - did i edit the wrong file?
Comment 13 Lakshmipathi 2010-09-24 09:54:47 EDT
during reboot selinux (changed from disabled to permissive mode) 
after logged in i checked the file those entries still alive ! I deleted them again. Now I tried to login to tty - it works !!!
Comment 14 Daniel Walsh 2010-09-24 11:49:44 EDT
Ok I am going to assign this to libselinux for now,  You setup to groups on your machine mi2 and mi4, and then want to set the users in those groups to login with guest_t correct?
Comment 15 Daniel Walsh 2010-09-24 11:54:03 EDT
As far as editing those files, you edited the correct files, but the real way to remove those entries is by using semanage.  Removing them from the file only effects the login programs.
Comment 16 Lakshmipathi 2010-09-25 01:18:58 EDT
(In reply to comment #14)
> Ok I am going to assign this to libselinux for now,  You setup to groups on
> your machine mi2 and mi4, and then want to set the users in those groups to
> login with guest_t correct?

that's correct,I wanted to setup  all members from group mi2/mi4 should have guest_t context.
Comment 17 Lakshmipathi 2010-09-25 01:19:19 EDT
(In reply to comment #15)
> As far as editing those files, you edited the correct files, but the real way
> to remove those entries is by using semanage.  Removing them from the file only
> effects the login programs.

thanks for the clarification.
Comment 18 Daniel Walsh 2010-09-25 06:59:55 EDT
I just tried this on F14 and it worked fine.

 semanage login -l

Login Name                SELinux User              MLS/MCS Range            

%guest                    guest_u                   s0                       
__default__               unconfined_u              s0-s0:c0.c1023           
dwalsh                    staff_u                   s0-s0:c0.c1023           
root                      unconfined_u              s0-s0:c0.c1023           
system_u                  system_u                  s0-s0:c0.c1023           
xguest                    xguest_u                  s0         

> grep guest /etc/group
guest:x:3268:pwalsh

> ssh localhost -l pwalsh
pwalsh@localhost's password: 
Last login: Sat Sep 25 06:42:32 2010
Unknown HZ value! (35) Assume 1024.
-bash-4.1$ id -Z
guest_u:guest_r:guest_t:s0
Comment 19 Lakshmipathi 2010-09-27 04:48:30 EDT
(In reply to comment #18)
> I just tried this on F14 and it worked fine.
> 
>  semanage login -l
> 
> Login Name                SELinux User              MLS/MCS Range            
> 
> %guest                    guest_u                   s0                       
> __default__               unconfined_u              s0-s0:c0.c1023           
> dwalsh                    staff_u                   s0-s0:c0.c1023           
> root                      unconfined_u              s0-s0:c0.c1023           
> system_u                  system_u                  s0-s0:c0.c1023           
> xguest                    xguest_u                  s0         
> 
> > grep guest /etc/group
> guest:x:3268:pwalsh
> 
> > ssh localhost -l pwalsh
> pwalsh@localhost's password: 
> Last login: Sat Sep 25 06:42:32 2010
> Unknown HZ value! (35) Assume 1024.
> -bash-4.1$ id -Z
> guest_u:guest_r:guest_t:s0
I think what you have done is
1.created a context for group and logged in.

but following steps  might reproduce the  issue
1.create a "user1" and by default he will be assigned to "user1"
2.now create context for this group "user1"
3.delete the user "user1" using simple userdel command. "userdel user1"
4.now semanage still lists the "user1" and i'm unable to login.
Comment 20 Carl G. 2010-10-04 20:31:26 EDT
I'll try and see if i can reproduce that later.
Comment 21 Bug Zapper 2010-11-03 05:59:29 EDT
This message is a reminder that Fedora 12 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 12.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 12 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 22 Bug Zapper 2010-12-03 07:25:26 EST
Fedora 12 changed to end-of-life (EOL) status on 2010-12-02. Fedora 12 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.