Bug 748730 - updatedb fails because of missing slocate group (not created as expected)
Summary: updatedb fails because of missing slocate group (not created as expected)
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-25 08:09 UTC by Jaromír Cápík
Modified: 2016-02-01 01:55 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-25 12:56:22 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jaromír Cápík 2011-10-25 08:09:12 UTC 
Description of problem:
Even if the slocate group is supposed to be created in the %pre phase, this fails for some reason. 
The following terminal log shows 2 warnings, that slocate group doesn't exist (using root instead) and then the updatedb command fails.

[root@XXX]# yum install mlocate
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mlocate.x86_64 0:0.24-1.fc16 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================
 Package       Arch         Version           Repository     Size
==================================================================
Installing:
 mlocate       x86_64       0.24-1.fc16       rawhide       108 k

Transaction Summary
==================================================================
Install  1 Package

Total download size: 108 k
Installed size: 424 k
Is this ok [y/N]: y
Downloading Packages:
mlocate-0.24-1.fc16.x86_64.rpm             | 108 kB     00:00     
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : mlocate-0.24-1.fc16.x86_64                     1/1 
warning: group slocate does not exist - using root
warning: group slocate does not exist - using root
  Verifying  : mlocate                                        1/1 

Installed:
  mlocate.x86_64 0:0.24-1.fc16                                    

Complete!
[root@XXX]# updatedb
updatedb: can not find group `slocate'
[root@XXX]#
Comment 1 Jaromír Cápík 2011-10-25 08:44:29 UTC 
We just discovered, that groupadd fails with code 10: can't update group file ... but that happens only when installing the mlocate package. When I enter the same command in terminal, it works ...
Comment 2 Petr Pisar 2011-10-25 08:48:38 UTC 
/var/log/secure:
Oct 25 10:45:23 fedora-17 groupadd[1671]: cannot open /etc/group
Oct 25 10:45:23 fedora-17 groupadd[1671]: failed to add group slocate

/var/log/messages:
Oct 25 10:45:23 fedora-17 kernel: [ 1549.699743] type=1400 audit(1319532323.054:12389): avc:  denied  { write } for  pid=1671 comm="groupadd" name="group" dev=dm-0 ino=143763 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file

This is SELinux policy problem (selinux-policy-3.10.0-46.1.fc17.noarch), reassigning.
Comment 3 Daniel Walsh 2011-10-25 12:56:22 UTC 
Petr,

restorecon -R -v /etc/group

Should fix the problem.
Comment 4 Petr Pisar 2011-10-25 14:41:15 UTC 
You are right, the file has been mislabeled for unknown reason.
Comment 5 Petr Pisar 2011-10-25 14:44:41 UTC 
When is performed relabeling after upgrading policy? I did not reboot after upgrading the policy, so subsequent `yum install mlocate' hit the file with old label. (I see my F15 has etc_t on /etc/group.) Could this be the reason for mislabeled files?
Comment 6 Daniel Walsh 2011-10-25 14:51:44 UTC 
Yes we are experimenting in F17 with labeling /etc/group and /etc/passwd.  So there could have been a failure on the update to relabel these files.
Note You need to log in before you can comment on or make changes to this bug.