libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.3.0-0.rc6.git0.2.fc17.x86_64 reason: SELinux is preventing /usr/sbin/chkconfig from 'getattr' accesses on the file /usr/lib/systemd/systemd. time: Fri 09 Mar 2012 05:25:18 AM EST description: :SELinux is preventing /usr/sbin/chkconfig from 'getattr' accesses on the file /usr/lib/systemd/systemd. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that chkconfig should be allowed getattr access on the systemd file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep chkconfig /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:sambagui_t:s0-s0:c0.c1023 :Target Context system_u:object_r:init_exec_t:s0 :Target Objects /usr/lib/systemd/systemd [ file ] :Source chkconfig :Source Path /usr/sbin/chkconfig :Port <Unknown> :Host (removed) :Source RPM Packages chkconfig-1.3.59-1.fc17.x86_64 :Target RPM Packages systemd-43-2.fc17.x86_64 :Policy RPM selinux-policy-3.10.0-95.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) : 3.3.0-0.rc6.git0.2.fc17.x86_64 #1 SMP Mon Mar 5 : 16:54:07 UTC 2012 x86_64 x86_64 :Alert Count 2 :First Seen Fri 09 Mar 2012 05:07:16 AM EST :Last Seen Fri 09 Mar 2012 05:08:07 AM EST :Local ID 8e573136-f988-4706-9ec2-8b76f5ea45f7 : :Raw Audit Messages :type=AVC msg=audit(1331287687.280:117): avc: denied { getattr } for pid=2085 comm="chkconfig" path="/usr/lib/systemd/systemd" dev="dm-1" ino=1445516 scontext=system_u:system_r:sambagui_t:s0-s0:c0.c1023 tcontext=system_u:object_r:init_exec_t:s0 tclass=file : : :type=SYSCALL msg=audit(1331287687.280:117): arch=x86_64 syscall=lstat success=no exit=EACCES a0=1c53430 a1=7fff0b549cb0 a2=7fff0b549cb0 a3=1000 items=0 ppid=2084 pid=2085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=chkconfig exe=/usr/sbin/chkconfig subj=system_u:system_r:sambagui_t:s0-s0:c0.c1023 key=(null) : :Hash: chkconfig,sambagui_t,init_exec_t,file,getattr : :audit2allowunable to open /sys/fs/selinux/policy: Permission denied : : :audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied : :
Why does s-c-samba use chkconfig instead of systemctl?
Does not seem like something we should block.
(In reply to comment #1) > Why does s-c-samba use chkconfig instead of systemctl? Probably because of the old codebase... I have a piece of code to abstract SysV and systemd services lying around in s-c-date which I'll add to s-c-samba.
commit 212f6b4287e2366f583a719c5a0cbdc49e2a568e Author: Nils Philippsen <nils> AuthorDate: Thu Apr 26 12:21:59 2012 +0200 don't run chkconfig on systemd service units (#801740) Copy and use service abstraction classes from system-config-date.
system-config-samba-1.2.97-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/system-config-samba-1.2.97-1.fc17
system-config-samba-1.2.97-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/system-config-samba-1.2.97-1.fc16
system-config-samba-1.2.97-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/system-config-samba-1.2.97-1.fc15
Package system-config-samba-1.2.97-1.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing system-config-samba-1.2.97-1.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-6641/system-config-samba-1.2.97-1.fc17 then log in and leave karma (feedback).
system-config-samba-1.2.97-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
system-config-samba-1.2.97-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
system-config-samba-1.2.97-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
(In reply to comment #11) > system-config-samba-1.2.97-1.fc17 has been pushed to the Fedora 17 stable > repository. If problems still persist, please make note of it in this bug > report. Still happens on my system. system-config-samba version: 1.2.97-1.fc17 selinux-policy-targeted: 3.10.0-128.fc17
(In reply to comment #12) > (In reply to comment #11) > > system-config-samba-1.2.97-1.fc17 has been pushed to the Fedora 17 stable > > repository. If problems still persist, please make note of it in this bug > > report. > Still happens on my system. > system-config-samba version: 1.2.97-1.fc17 > selinux-policy-targeted: 3.10.0-128.fc17 I've just tried this out with this version of s-c-samba, both smb and nmb services disabled and stopped. I straced both the frontend and backend (mechanism) programs and found no indication that s-c-samba called chkconfig for any reason. Would you please strace this and check if this is somehow different with you? The commands are: As root: strace -Ff -e execve -o /tmp/scsamba-mech.out /usr/share/system-config-samba/system-config-samba-mechanism.py --> leave it running As user: strace -Ff -e execve -o /tmp/scsamba-ui.out /usr/bin/system-config-samba Try to reproduce the issue and attach the resulting files /tmp/scsamba-mech.out and /tmp/scsamba-ui.out to this ticket. Thanks!
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days