Bug 784689 - avc errors when installing ipa client
Summary: avc errors when installing ipa client
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-25 19:50 UTC by Namita Soman
Modified: 2012-01-26 22:41 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-26 22:41:59 UTC
Target Upstream Version:

Attachments (Terms of Use)
avc log (9.02 KB, text/plain)
2012-01-25 19:53 UTC, Namita Soman 		no flags Details
sssd log (3.65 KB, text/plain)
2012-01-25 19:54 UTC, Namita Soman 		no flags Details
ipa client install log (11.29 KB, text/plain)
2012-01-25 19:54 UTC, Namita Soman 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Namita Soman 2012-01-25 19:50:56 UTC 
Description of problem:
When installing ipa-client, see message:
<snip>
...
SSSD enabled
Unable to find 'admin' user with 'getent passwd admin'!
Recognized configuration: SSSD
NTP enabled

...
<snip>

And avc errors are seen. Attaching log.
Also attaching log for sssd and ipaclient install

Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-126.el6.noarch
sssd-1.5.1-66.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64

How reproducible:
often

Steps to Reproduce:
1. Install ipaclient as admin:
ipa-client-install 
  
Actual results:
Seeing msg: Unable to find 'admin' user with 'getent passwd admin'!
and avc errors

Expected results:
install to complete with no avcs.

Additional info:
Comment 1 Namita Soman 2012-01-25 19:53:31 UTC 
Created attachment 557509 [details]
avc log
Comment 2 Namita Soman 2012-01-25 19:54:11 UTC 
Created attachment 557510 [details]
sssd log
Comment 3 Namita Soman 2012-01-25 19:54:41 UTC 
Created attachment 557511 [details]
ipa client install log
Comment 5 Milos Malik 2012-01-26 08:20:38 UTC 
/etc/resolv.conf is mislabelled. Please run following command as root:

restorecon -Rv /etc
Comment 6 Daniel Walsh 2012-01-26 22:41:59 UTC 
Did resolv.conf get created in /dev/shm?  It looks like it was created on a tmpfs_t file system and then mv'd to /etc.
Note You need to log in before you can comment on or make changes to this bug.