Hide Forgot
libreport version: 2.0.7 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.4-1.fc16.x86_64 reason: SELinux is preventing /usr/sbin/useradd from 'write' accesses on the directory /var/lib/xguest. time: Wed 07 Dec 2011 10:38:48 AM description: Text file, 3322 bytes
Created attachment 541657 [details] File: description
I did run: grep useradd /var/log/audit/audit.log | audit2allow -M mypol and: semodule -i mypol.pp and redid yum install xguest and gives the same sealert exception.
This is a policy issue. If you want to fix it now, you cat do it using these steps # systemctl stop auditd.service # semanage permissive -a useradd_t # yum install xguest # systemctl start auditd.service # semanage permissive -d useradd_t
Thanks for the suggestion. This is what I just did: # systemctl stop auditd.service # semanage permissive -a useradd_t # yum install xguest -y Loaded plugins: langpacks, presto, refresh-packagekit Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package xguest.noarch 0:1.0.10-1.fc16 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: xguest noarch 1.0.10-1.fc16 fedora 60 k Transaction Summary ================================================================================ Install 1 Package Total download size: 60 k Installed size: 60 k Downloading Packages: xguest-1.0.10-1.fc16.noarch.rpm | 60 kB 00:00 Running Transaction Check Running Transaction Test Transaction Test Succeeded Running Transaction Error in PREIN scriptlet in rpm package xguest-1.0.10-1.fc16.noarch /usr/sbin/semanage: Could not start semanage transaction error: %pre(xguest-1.0.10-1.fc16.noarch) scriptlet failed, exit status 1 Failed: xguest.noarch 0:1.0.10-1.fc16 Complete! So, it looks like there is more to it. Harish
Ok, I just built a new version of xguest package that will install in the proper directory and run everything in the post script. We have also fixed up some of the policy to allow useradd to do its thing.
xguest-1.0.10-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/xguest-1.0.10-2.fc16
Could you test it with this xguest package and with the latest policy from koji http://koji.fedoraproject.org/koji/buildinfo?buildID=278216 Thank you.
*** Bug 765680 has been marked as a duplicate of this bug. ***
Package xguest-1.0.10-2.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing xguest-1.0.10-2.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-16944/xguest-1.0.10-2.fc16 then log in and leave karma (feedback).
xguest-1.0.10-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
The new package installed without any error message in the terminal, but did not configure the xguest account. guest is not listed in the users on the gdm screen, and there is no user guest or xguest in /etc/passwd .
yum remove xguest userdel xguest semanage login -d xguest yum install xguest And see if this works correctly.
Thank you Daniel Walsh, but that did not work. After those commands, still no user xguest id xguest id: xguest: No such user so I again removed xguest, put selinux into permissive mode, and installed. yum remove xguest setenforce 0 yum install xguest setenforce 1 Now xguest is installed. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Are there any AVC msgs in permissive mode? $ yum remove xguest $ setenforce 0 $ yum install xguest $ setenforce 1 $ ausearch -m avc -ts recent
Thank you Miroslav, no, nothing when running that command (after removing, and re-installing in permissive mode ... ) ausearch -m avc -ts recent <no matches> -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers