Bug 636790 - rhnmd - selinux block creation of nocpulse user
Summary: rhnmd - selinux block creation of nocpulse user
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Spacewalk
Classification: Community
Component: Clients
Version: 1.2
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Jan Pazdziora
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: space16
 
Reported: 2010-09-23 10:13 UTC by Martin Minar
Modified: 2016-07-04 00:55 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-19 10:14:55 UTC
Embargoed:



Description Martin Minar 2010-09-23 10:13:04 UTC
Description of problem:
When installing rhnmd with SELinux enabled I get:
  Installing     : rhnmd-5.3.7-1.fc13.noarch                                1/1 
/var/tmp/rpm-tmp.7NwrFe: line 2: /usr/sbin/groupadd: Permission denied
/var/tmp/rpm-tmp.7NwrFe: line 4: /usr/sbin/useradd: Permission denied
passwd: Unknown user name 'nocpulse'.
warning: user nocpulse does not exist - using root
warning: group nocpulse does not exist - using root
warning: user nocpulse does not exist - using root
warning: group nocpulse does not exist - using root
warning: user nocpulse does not exist - using root
warning: group nocpulse does not exist - using root
/sbin/runuser: user nocpulse does not exist

Probably because there are no selinux rules.

Version-Release number of selected component (if applicable):
Spacewalk nightly - Fedora 13 - client

How reproducible:
100%

Steps to Reproduce:
1. yum install rhnmd on clean machine
  
Actual results:
AVC warning

/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -sv no -m AVC -m USER_AVC -m SELINUX_ERR -ts 09/22/2010 20:53:37 < /dev/null
----
time->Wed Sep 22 20:55:01 2010
type=SYSCALL msg=audit(1285203301.927:30510): arch=c000003e syscall=59 success=no exit=-13 a0=23d76d0 a1=23d7de0 a2=23d4ff0 a3=7fffd93b62d0 items=0 ppid=3337 pid=3339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1285203301.927:30510): security_compute_sid:  invalid context unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=process
----
time->Wed Sep 22 20:55:01 2010
type=SYSCALL msg=audit(1285203301.955:30511): arch=c000003e syscall=59 success=no exit=-13 a0=23d54d0 a1=23d41b0 a2=23d4ff0 a3=7fffd93b62f0 items=0 ppid=3337 pid=3341 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sh" exe="/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
type=SELINUX_ERR msg=audit(1285203301.955:30511): security_compute_sid:  invalid context unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process

Expected results:
No warning

Additional info:
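
Added example, not part of the original report or of Spacewalk: a Python sketch that pairs the SYSCALL and SELINUX_ERR records above by audit event serial and reports each exec whose computed target context was not valid in the loaded policy. The function name and output fields are illustrative assumptions; the sample records are abbreviated from the ausearch output in this report.

```python
import re
from collections import defaultdict

# Records abbreviated from the ausearch output in this report (some SYSCALL fields dropped).
SAMPLE = """\
type=SYSCALL msg=audit(1285203301.927:30510): arch=c000003e syscall=59 success=no exit=-13 pid=3339 uid=0 comm="sh" exe="/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023
type=SELINUX_ERR msg=audit(1285203301.927:30510): security_compute_sid:  invalid context unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1285203301.955:30511): arch=c000003e syscall=59 success=no exit=-13 pid=3341 uid=0 comm="sh" exe="/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023
type=SELINUX_ERR msg=audit(1285203301.955:30511): security_compute_sid:  invalid context unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process
"""

HEADER = re.compile(r"type=(\S+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)")
INVALID = re.compile(
    r"invalid context (\S+) for scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def failed_transitions(text):
    """Group records by event serial; return one finding per invalid context."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, serial, body = m.groups()
            events[int(serial)][rtype] = body
    findings = []
    for serial in sorted(events):
        err = INVALID.search(events[serial].get("SELINUX_ERR", ""))
        if not err:
            continue
        wanted, scontext, tcontext, tclass = err.groups()
        sc = dict(FIELD.findall(events[serial].get("SYSCALL", "")))
        findings.append({
            "event": serial,
            "source_type": scontext.split(":")[2],      # domain doing the exec
            "entrypoint_type": tcontext.split(":")[2],  # label of the binary
            "rejected_role": wanted.split(":")[1],
            "rejected_type": wanted.split(":")[2],      # domain that was computed
            "tclass": tclass,
            # On x86_64 (arch=c000003e) syscall 59 is execve; -13 is EACCES.
            "exec_denied": sc.get("syscall") == "59" and sc.get("exit") == "-13",
        })
    return findings

if __name__ == "__main__":
    for f in failed_transitions(SAMPLE):
        print(f)
```

These events are SELINUX_ERR records rather than AVC records, so a search restricted to `-m AVC` would not show them.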

Comment 1 Jan Pazdziora 2010-11-19 16:03:36 UTC
Mass-moving to space13.

Comment 2 Miroslav Suchý 2011-04-11 07:32:17 UTC
We did not have time for this one during Spacewalk 1.4 time frame. Mass moving to Spacewalk 1.5.

Comment 3 Miroslav Suchý 2011-04-11 07:36:43 UTC
We did not have time for this one during Spacewalk 1.4 time frame. Mass moving to Spacewalk 1.5.

Comment 4 Jan Pazdziora 2011-07-20 11:50:06 UTC
Aligning under space16.

Comment 5 Jan Pazdziora 2011-08-19 10:14:55 UTC
I no longer have Fedora 13 around but I tried it on Fedora 14 and the installation of rhnmd went without problems:

# yum install rhnmd
beaker-distro1                                                                                                                           | 3.7 kB     00:00     
fedora/metalink                                                                                                                          |  21 kB     00:00     
spacewalk-client                                                                                                                         | 2.1 kB     00:00     
spacewalk-client/primary_db                                                                                                              |  10 kB     00:00     
updates/metalink                                                                                                                         |  19 kB     00:00     
updates                                                                                                                                  | 4.7 kB     00:00     
updates/primary_db                                                                                                                       | 5.1 MB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package rhnmd.noarch 0:5.3.9-1.fc14 set to be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================================
 Package                          Arch                              Version                                   Repository                                   Size
================================================================================================================================================================
Installing:
 rhnmd                            noarch                            5.3.9-1.fc14                              spacewalk-client                             15 k

Transaction Summary
================================================================================================================================================================
Install       1 Package(s)

Total download size: 15 k
Installed size: 20 k
Is this ok [y/N]: y
Downloading Packages:
rhnmd-5.3.9-1.fc14.noarch.rpm                                                                                                            |  15 kB     00:00     
warning: rpmts_HdrFromFdno: Header V4 DSA/SHA1 Signature, key ID b3892132: NOKEY
spacewalk-client/gpgkey                                                                                                                  | 2.7 kB     00:00 ... 
Importing GPG key 0xB3892132:
 Userid: "Spacewalk <spacewalk-devel>"
 From  : http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2010
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing     : rhnmd-5.3.9-1.fc14.noarch                                                                                                                1/1 

Installed:
  rhnmd.noarch 0:5.3.9-1.fc14                                                                                                                                   

Complete!
# grep nocpulse /etc/passwd
nocpulse:x:498:498:NOCpulse user:/var/lib/nocpulse:/bin/bash
# grep AVC /var/log/audit/audit.log 
#

