Bug 856548 - current policy prevents adding users to groups
current policy prevents adding users to groups
Status: CLOSED DUPLICATE of bug 844167
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
17
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 854981
  Show dependency treegraph
 
Reported: 2012-09-12 05:44 EDT by Matthias Runge
Modified: 2012-09-12 07:12 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-12 07:12:35 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthias Runge 2012-09-12 05:44:02 EDT
Description of problem:

take a fresh installed f17, (including updates), then run e.g
yum install mysql-server

results in:
Transaction Test Succeeded
Running Transaction
  Installing : mysql-server-5.5.27-1.fc17.x86_64                            1/1 
warning: user mysql does not exist - using root
warning: group mysql does not exist - using root
warning: user mysql does not exist - using root
warning: group mysql does not exist - using root
warning: user mysql does not exist - using root
warning: group mysql does not exist - using root
  Verifying  : mysql-server-5.5.27-1.fc17.x86_64                            1/1 


type=ADD_GROUP msg=audit(1347435072.926:84): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1347435072.928:85): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1347435072.929:86): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'



(reproducible also with openstack-nova, openstack-glance, qpidd, etc.)

Version-Release number of selected component (if applicable):
[root@localhost audit]# rpm -qa | grep selinux
libselinux-utils-2.1.10-3.fc17.x86_64
selinux-policy-devel-3.10.0-146.fc17.noarch
libselinux-2.1.10-3.fc17.x86_64
selinux-policy-targeted-3.10.0-146.fc17.noarch
libselinux-python-2.1.10-3.fc17.x86_64
selinux-policy-3.10.0-146.fc17.noarch


How reproducible:
100%

Steps to Reproduce:
1. fresh install f17, install updates during install
2. boot up
3. yum install mysql-server
  
Actual results:
see above

Expected results:
no denies

Additional info:
Comment 1 Pádraig Brady 2012-09-12 06:06:57 EDT
I can't reproduce this at all?

# getenforce 
Enforcing

# id mysql
id: mysql: no such user

# yum update

# rpm -qa "*selinux*"
selinux-policy-devel-3.10.0-146.fc17.noarch
selinux-policy-targeted-3.10.0-146.fc17.noarch
selinux-policy-3.10.0-146.fc17.noarch
libselinux-2.1.10-3.fc17.x86_64
libselinux-python-2.1.10-3.fc17.x86_64
libselinux-utils-2.1.10-3.fc17.x86_64

# yum install mysql-server

# id mysql
uid=27(mysql) gid=27(mysql) groups=27(mysql)
Comment 2 Pádraig Brady 2012-09-12 07:12:35 EDT
This seems intermittent.
I didn't experience in 3 tries
Matthias had issue in 2 of 3 tries

*** This bug has been marked as a duplicate of bug 844167 ***

Note You need to log in before you can comment on or make changes to this bug.