Bug 827228 - group slocate does not exist
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: i686 Linux
Priority: unspecified, Severity: high
Assigned To: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
Reported: 2012-05-31 18:37 EDT by rambler8
Modified: 2012-06-04 13:36 EDT
Last Closed: 2012-06-04 13:36:09 EDT

Description rambler8 2012-05-31 18:37:50 EDT
When mlocate is installed with yum, a warning is displayed that the group slocate does not exist. Running updatedb after installation causes a similar error to be displayed, and /var/lib/mlocate/mlocate.db is not created as expected.

Here's the output from the installation, running updatedb, and trying to use locate:


# yum install mlocate
Loaded plugins: presto
Resolving Dependencies
--> Running transaction check
---> Package mlocate.i686 0:0.25-1.fc18 will be installed
--> Finished Dependency Resolution
...
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : mlocate 0.25-1.fc18.i686
warning: group slocate does not exist - using root
warning: group slocate does not exist - using root
  Verifying  : mlocate-0.25-1.fc18.i686
Installed:
  mlocate.i686 0:0.25-1.fc18



# updatedb
updatedb: can not find group `slocate'


# locate rpmnew
locate: can not stat () `/var/lib/mlocate/mlocate.db': No such file or directory


# ls /var/lib/mlocate/mlocate.db
ls: cannot access /var/lib/mlocate/mlocate.db: No such file or directory
Comment 1 rambler8 2012-05-31 18:54:37 EDT
If slocate:x:21: is added to /etc/group before installation, there are no warnings during installation and both updatedb and locate work correctly.
Comment 2 Miloslav Trmač 2012-06-01 07:51:45 EDT
Thanks for your report.  I'm afraid I can't reproduce this (on F17, but the mlocate package is unchanged).

There seems to be a problem with creating the group, although no error message has been reported.  Could you please do the following?
* yum remove mlocate
* groupdel slocate
* strace -ff -o log yum install mlocate
* attach a (compressed) archive of the created log.* files to this bug
Comment 3 rambler8 2012-06-01 09:29:28 EDT
SELinux is blocking the groupadd call during the package installation. If SELinux is put into permissive mode before installing, everything works fine.
Comment 4 Miloslav Trmač 2012-06-01 09:32:31 EDT
(In reply to comment #3)
> SELinux is blocking the groupadd call during the package installation. If
> SELinux is put into permissive mode before installing, everything works fine.

Thanks for the diagnosis - that sounds like something that should be fixed in the SELinux policy, though.
Comment 5 rambler8 2012-06-01 09:42:25 EDT
I agree that it should be fixed in SELinux policy. Would you rather use this bug to ask the SELinux policy maintainers to fix the issue, or should I create a new bug against the SELinux policy?
Comment 6 Miloslav Trmač 2012-06-01 09:44:37 EDT
I think reusing this bug is fine; I have already reassigned it to selinux-policy.
Comment 7 Miroslav Grepl 2012-06-04 10:54:20 EDT
What AVC msg are you getting?

Re-test it and run

# ausearch -m avc -ts recent

Thank you.
Comment 8 rambler8 2012-06-04 12:35:55 EDT
With SELinux in permissive mode I:
1. removed the mlocate package with yum
2. confirmed the package removal removed the slocate group from /etc/group (it did)

I made sure all packages were up-to-date with the rawhide repo by running yum update and ran fixfiles onboot.

After rebooting with SELinux in enforcing mode, I tried to re-install mlocate using:  yum install mlocate.

The re-install failed the same way it did in the original report.

ausearch -m avc -ts recent doesn't show anything that's clearly related to this issue. However, audit.log contained the following newly added entries:

type=ADD_GROUP msg=audit(1338826819.612:357): pid=0 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow acct="slocate" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1338826819.613:358): pid=0 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group acct="slocate" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1338826819.614:359): pid=0 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= acct="slocate" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
Comment 9 Daniel Walsh 2012-06-04 13:02:20 EDT
Those are not AVCs.

Can you try without the dontaudit rules?

Remove mlocate package with yum
# semodule -DB
Install mlocate.
Look for AVC messages about groupadd.
# semodule -B

To turn back on dontaudit rules.
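
The distinction drawn in Comments 8 and 9, as an added example that is not part of the original thread: the records in audit.log are user-space ADD_GROUP events written by groupadd, not kernel AVC denials, so a search restricted to the AVC message type does not return them. The Python sketch below parses the three records from Comment 8 and flags failed user-space events from a confined domain that have no AVC denial logged in the same time window, which is the case where Comment 9 asks for the dontaudit rules to be disabled. The function names, the two-second window and the contrast AVC record are assumptions made for illustration.

```python
import re

# Audit records verbatim from Comment 8.
REPORTED = """\
type=ADD_GROUP msg=audit(1338826819.612:357): pid=0 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow acct="slocate" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1338826819.613:358): pid=0 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group acct="slocate" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1338826819.614:359): pid=0 uid=0 auid=0 ses=1 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= acct="slocate" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
"""
# Constructed AVC record, NOT from the bug; placeholder names, for contrast only.
CONSTRUCTED_AVC = ('type=AVC msg=audit(1338826819.611:356): avc:  denied  { write } for  pid=4242 '
                   'comm="groupadd" name="example" dev="dm-0" ino=1 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 '
                   'tcontext=system_u:object_r:example_t:s0 tclass=file')

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\):\s*(.*)$")
# Third field of the SELinux context (the type/domain), from subj= or scontext=.
DOMAIN = re.compile(r"\b(?:subj|scontext)=[^:\s]+:[^:\s]+:([^:\s]+)")

def parse(line):
    """Split one audit record into the fields this triage needs."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, secs, serial, body = m.groups()
    dom = DOMAIN.search(body)
    op = re.search(r"op=(.*?) acct=", body)
    return {"type": rtype, "time": int(secs), "serial": int(serial),
            "domain": dom.group(1) if dom else None,
            "op": op.group(1) if op else None,
            "failed": "res=failed" in body,
            "denied": rtype == "AVC" and "denied" in body}

def triage(log, window=2):
    """List failed non-AVC records and whether an AVC denial for the same
    domain was logged within `window` seconds."""
    recs = [r for r in map(parse, log.splitlines()) if r]
    avcs = [r for r in recs if r["denied"]]
    out = []
    for r in recs:
        if r["type"] != "AVC" and r["failed"]:
            hit = any(a["domain"] == r["domain"] and
                      abs(a["time"] - r["time"]) <= window for a in avcs)
            out.append((r["serial"], r["domain"], r["op"],
                        "avc-logged" if hit else "no-avc"))
    return out

if __name__ == "__main__":
    for row in triage(REPORTED):
        print(row)
```

A "no-avc" row means groupadd, running in groupadd_t, reported a failure while the kernel logged no matching denial.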
