Bug 859532 - radvd: permission denied when calling useradd/groupadd during installation
radvd: permission denied when calling useradd/groupadd during installation
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-21 14:53 EDT by Richard W.M. Jones
Modified: 2012-09-24 06:35 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-24 06:35:39 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Richard W.M. Jones 2012-09-21 14:53:26 EDT
Description of problem:

During install of radvd on Rawhide with SELinux Enforcing:

/var/tmp/rpm-tmp.YDgPJ2: line 1: /sbin/groupadd: Permission denied
/var/tmp/rpm-tmp.YDgPJ2: line 3: /sbin/useradd: Permission denied
  Installing : radvd-1.9.1-4.fc19.x86_64                                 64/112 
warning: user radvd does not exist - using root
warning: group radvd does not exist - using root

Version-Release number of selected component (if applicable):

radvd-1.9.1-4.fc19.x86_64

How reproducible:

Happened once.
Comment 1 Petr Pisar 2012-09-24 04:28:49 EDT
What's your selinux-policy version? I believe this is regression in SELinux policy (bug #809735) that has been already reported and seemingly fixed, or some files are mislabeled in your system.
Comment 2 Petr Pisar 2012-09-24 04:43:15 EDT
I cannot reproduce your problem with current selinux-policy-3.11.1-18.fc18.noarch and following labels:

# ls -lZ /etc/group* /etc/gshadow*
-rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/group
-rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/group-
----------. root root system_u:object_r:shadow_t:s0    /etc/gshadow
----------. root root system_u:object_r:shadow_t:s0    /etc/gshadow-

If you still suffer from the problem, you will need to find help from SELinux maintainers by reassigning this report to selinux-policy component.
Comment 3 Richard W.M. Jones 2012-09-24 04:55:16 EDT
My password and group files are labelled the same way.

selinux-policy 3.11.1-7.fc18

(Before and after the update -- selinux-policy was not
updated during this transaction)

More info to follow ..
Comment 4 Richard W.M. Jones 2012-09-24 05:02:26 EDT
Well there was going to be more info, but now this
machine goes into an infinite loop in dracut.  Can't
be booted ...

Note this is Rawhide, not F18.
Comment 5 Petr Pisar 2012-09-24 05:11:06 EDT
I know it's F19. SELinux guys do not build for rawhide thus the policy package has f18 tag. I performed the test on just updated F19.

I'm moving this report to selinux-policy because the radvd package script runs under rpm identity and it's confined by SELinux.
Comment 6 Miroslav Grepl 2012-09-24 05:48:46 EDT
I would need to see outputs of

# semodule -DB
# yum install <whatever_causes_issue>
# ausearch -m avc -ts recent
Comment 7 Richard W.M. Jones 2012-09-24 06:35:39 EDT
Never mind .. after downgrading radvd and upgrading radvd,
the error message is gone.  So I'll say that this has been
fixed in rawhide.

Note You need to log in before you can comment on or make changes to this bug.