Hide Forgot
Description of problem: systemctl start zebra.service error: Apr 10 20:00:39 trick zebra[643]: privs_init: could not lookup user quagga It works if SELinux is set to Permissive, with the following message: type=MAC_STATUS msg=audit(1334084469.612:1115): enforcing=0 old_enforcing=1 auid =1000 ses=27 type=SYSCALL msg=audit(1334084469.612:1115): arch=c000003e syscall=1 success=yes exit=1 a0=3 a1=7fffa2df2f50 a2=1 a3=3a7461682e items=0 ppid=316 pid=684 auid=10 00 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=27 comm= "setenforce" exe="/usr/sbin/setenforce" subj=unconfined_u:unconfined_r:unconfine d_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1334084471.729:1116): avc: denied { read } for pid=689 comm="zebra" name="passwd" dev="dm-1" ino=179130 scontext=system_u:system_r:zebra_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=AVC msg=audit(1334084471.729:1116): avc: denied { open } for pid=689 comm="zebra" name="passwd" dev="dm-1" ino=179130 scontext=system_u:system_r:zebra_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1334084471.729:1116): arch=c000003e syscall=2 success=yes exit=4 a0=7f7bca1356ca a1=80000 a2=1b6 a3=238 items=0 ppid=1 pid=689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="zebra" exe="/usr/sbin/zebra" subj=system_u:system_r:zebra_t:s0 key=(null) type=AVC msg=audit(1334084471.730:1117): avc: denied { getattr } for pid=689 comm="zebra" path="/etc/passwd" dev="dm-1" ino=179130 scontext=system_u:system_r:zebra_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file type=SYSCALL msg=audit(1334084471.730:1117): arch=c000003e syscall=5 success=yes exit=0 a0=4 a1=7fffe84a5e70 a2=7fffe84a5e70 a3=0 items=0 ppid=1 pid=689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="zebra" exe="/usr/sbin/zebra" subj=system_u:system_r:zebra_t:s0 key=(null) type=SERVICE_START msg=audit(1334084471.739:1118): pid=0 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="zebra" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Version-Release number of selected component (if applicable): quagga-0.99.20.1-1.fc17.x86_64 How reproducible: 100% Steps to Reproduce: 1. See above. 2. 3. Actual results: Expected results: Additional info:
Fixed in selinux-policy-3.10.0-114.fc17
*** Bug 811472 has been marked as a duplicate of this bug. ***
(In reply to comment #1) > Fixed in selinux-policy-3.10.0-114.fc17 We don't have a build for this yet? At least, I can't find one in Koji ...
Yes, I am going to do it today.
selinux-policy-3.10.0-114.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-114.fc17
Package selinux-policy-3.10.0-114.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-114.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-5870/selinux-policy-3.10.0-114.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-114.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.