Bug 856548 - current policy prevents adding users to groups
Keywords:
Status: CLOSED DUPLICATE of bug 844167
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 854981
 
Reported: 2012-09-12 09:44 UTC by Matthias Runge
Modified: 2012-09-12 11:12 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-09-12 11:12:35 UTC
Type: Bug
Embargoed:



Description Matthias Runge 2012-09-12 09:44:02 UTC
Description of problem:

Take a freshly installed F17 (including updates), then run e.g.
yum install mysql-server

results in:
Transaction Test Succeeded
Running Transaction
  Installing : mysql-server-5.5.27-1.fc17.x86_64                            1/1 
warning: user mysql does not exist - using root
warning: group mysql does not exist - using root
warning: user mysql does not exist - using root
warning: group mysql does not exist - using root
warning: user mysql does not exist - using root
warning: group mysql does not exist - using root
  Verifying  : mysql-server-5.5.27-1.fc17.x86_64                            1/1 


type=ADD_GROUP msg=audit(1347435072.926:84): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1347435072.928:85): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1347435072.929:86): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'



(reproducible also with openstack-nova, openstack-glance, qpidd, etc.)

Version-Release number of selected component (if applicable):
[root@localhost audit]# rpm -qa | grep selinux
libselinux-utils-2.1.10-3.fc17.x86_64
selinux-policy-devel-3.10.0-146.fc17.noarch
libselinux-2.1.10-3.fc17.x86_64
selinux-policy-targeted-3.10.0-146.fc17.noarch
libselinux-python-2.1.10-3.fc17.x86_64
selinux-policy-3.10.0-146.fc17.noarch


How reproducible:
100%

Steps to Reproduce:
1. fresh install f17, install updates during install
2. boot up
3. yum install mysql-server
  
Actual results:
see above

Expected results:
no denies

Additional info:

Comment 1 Pádraig Brady 2012-09-12 10:06:57 UTC
I can't reproduce this at all?

# getenforce 
Enforcing

# id mysql
id: mysql: no such user

# yum update

# rpm -qa "*selinux*"
selinux-policy-devel-3.10.0-146.fc17.noarch
selinux-policy-targeted-3.10.0-146.fc17.noarch
selinux-policy-3.10.0-146.fc17.noarch
libselinux-2.1.10-3.fc17.x86_64
libselinux-python-2.1.10-3.fc17.x86_64
libselinux-utils-2.1.10-3.fc17.x86_64

# yum install mysql-server

# id mysql
uid=27(mysql) gid=27(mysql) groups=27(mysql)

Comment 2 Pádraig Brady 2012-09-12 11:12:35 UTC
This seems intermittent.
I didn't experience it in 3 tries.
Matthias had the issue in 2 of 3 tries.

*** This bug has been marked as a duplicate of bug 844167 ***
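
Added example (not part of the bug report, and not code from Fedora or the audit project): a small Python parser that groups the failed ADD_GROUP audit records from the description by account, executable and SELinux domain, and copes with the unquoted, space-containing and empty op= values seen there. The function names and the record with serial 90 are constructed for illustration.

```python
import re
from collections import defaultdict

# Records 84-86 are copied from the bug description above; record 90 is a
# constructed success record, added only for contrast.
SAMPLE = """\
type=ADD_GROUP msg=audit(1347435072.926:84): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1347435072.928:85): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1347435072.929:86): pid=1658 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= acct="mysql" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=failed'
type=ADD_GROUP msg=audit(1347435999.100:90): pid=1700 uid=0 auid=1000 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group acct="demo" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=? res=success'
"""

HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*?)(?: msg='(.*)')?$")
KEY = re.compile(r"(?:^|\s)(\w+)=")

def fields(text):
    """Split 'k=v k2=v2' pairs; a value may contain spaces or be empty."""
    hits = list(KEY.finditer(text))
    out = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        out[m.group(1)] = text[m.end():end].strip().strip('"')
    return out

def parse(line):
    """Return one audit record as a dict, or None if the line is not one."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
    rec.update(fields(m.group(4)))        # pid, uid, auid, ses, subj
    rec.update(fields(m.group(5) or ""))  # op, acct, exe, ..., res
    ctx = rec.get("subj", "").split(":")  # user:role:type:level
    rec["domain"] = ctx[2] if len(ctx) > 2 else None
    return rec

def failed_account_changes(log):
    """Group res=failed records by (type, acct, exe, SELinux domain)."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, log.splitlines())):
        if rec.get("res") == "failed":
            key = (rec["type"], rec.get("acct"), rec.get("exe"), rec["domain"])
            groups[key].append((rec["serial"], rec.get("op", "")))
    return dict(groups)

if __name__ == "__main__":
    for key, events in failed_account_changes(SAMPLE).items():
        print(key, events)
```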

