-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom London wrote:
> More from today's update, this time running permissive:
>
> type=SELINUX_ERR msg=audit(1198161003.852:35): security_compute_sid:
> invalid context unconfined_u:unconfined_r:useradd_t:s0 for
> scontext=unconfined_u:unconfined_r:rpm_script_t:s0
> tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process
> type=SYSCALL msg=audit(1198161003.852:35): arch=40000003 syscall=11
> success=yes exit=0 a0=81c0ee8 a1=81c0248 a2=81bfbc8 a3=0 items=0
> ppid=4036 pid=4037 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts0 comm="useradd" exe="/usr/sbin/useradd"
> subj=unconfined_u:unconfined_r:useradd_t:s0 key=(null)
> type=USER_CHAUTHTOK msg=audit(1198161003.958:36): user pid=4037 uid=0
> auid=500 subj=unconfined_u:unconfined_r:useradd_t:s0 msg='op=adding
> user acct=gdm exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=?
> res=failed)'
> type=SELINUX_ERR msg=audit(1198161003.960:37): security_compute_sid:
> invalid context unconfined_u:unconfined_r:useradd_t:s0 for
> scontext=unconfined_u:unconfined_r:rpm_script_t:s0
> tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process
> type=SYSCALL msg=audit(1198161003.960:37): arch=40000003 syscall=11
> success=yes exit=0 a0=81c0058 a1=81bfda0 a2=81bfe38 a3=0 items=0
> ppid=4036 pid=4038 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts0 comm="usermod" exe="/usr/sbin/usermod"
> subj=unconfined_u:unconfined_r:useradd_t:s0 key=(null)
> type=USER_CHAUTHTOK msg=audit(1198161003.993:38): user pid=4038 uid=0
> auid=500 subj=unconfined_u:unconfined_r:useradd_t:s0 msg='op=changing
> user shell acct=gdm exe="/usr/sbin/usermod" (hostname=?, addr=?,
> terminal=? res=success)'
>
> from around here:
> Updating : gtk2-devel ####################### [19/62]
> Updating : gdm ####################### [20/62]
> Updating : ipsec-tools ####################### [21/62]
>
>
> I'd like to understand the issue here.
>
> Is the error message saying that a transition to
> unconfined_u:unconfined_r:useradd_t:s0 from
> scontext=unconfined_u:unconfined_r:rpm_script_t:s0 hasn't been allowed?
>
> tom

Yes, this is saying that unconfined_r:rpm_script_t cannot transition to
unconfined_r:useradd_t.

This is an RBAC problem. Tomorrow's policy will transition from
unconfined_r to system_r when unconfined_t runs rpm. This should fix the
problem.

I am fully turning on RBAC and will probably have some hiccups.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHa1X+rlYvE4MpobMRAmqmAJ9frDkWz/m+fK/LrhaQvNSq18HlQgCgo8C1
qTnOhZyX46wY4laQeWDWMyM=
=JjwJ
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
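One way to triage the `security_compute_sid: invalid context` records quoted in this thread, as an added example that is not part of the original message or of any SELinux tool: it parses each record and reports which context field changed between `scontext` and the rejected context. The function names, the one-line sample (the thread's first record re-joined, plus an abridged SYSCALL line) and the rule "only the type changed, so suspect the role/type pairing" are assumptions of this example; the policy itself is the authority.

```python
import re

# Constructed sample: first SELINUX_ERR record from the thread, re-joined onto
# one line as audit.log would hold it, plus an abridged SYSCALL record.
SAMPLE_LOG = (
    "type=SELINUX_ERR msg=audit(1198161003.852:35): security_compute_sid: "
    "invalid context unconfined_u:unconfined_r:useradd_t:s0 for "
    "scontext=unconfined_u:unconfined_r:rpm_script_t:s0 "
    "tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process\n"
    "type=SYSCALL msg=audit(1198161003.852:35): arch=40000003 syscall=11 "
    'success=yes exit=0 comm="useradd" exe="/usr/sbin/useradd"\n'
)

RECORD = re.compile(
    r"type=SELINUX_ERR msg=audit\((?P<stamp>[\d.]+:\d+)\): security_compute_sid:\s+"
    r"invalid context (?P<new>\S+) for\s+scontext=(?P<src>\S+)\s+"
    r"tcontext=(?P<tgt>\S+)\s+tclass=(?P<tclass>\S+)"
)

def split_context(ctx):
    """Split user:role:type[:mls]; the MLS part may itself contain colons."""
    user, role, setype, *mls = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype, "mls": mls[0] if mls else ""}

def explain_invalid_contexts(log_text):
    """Return one finding per invalid-context record found in log_text."""
    findings = []
    for m in RECORD.finditer(log_text):
        new, src = split_context(m["new"]), split_context(m["src"])
        changed = [k for k in ("user", "role", "type") if new[k] != src[k]]
        # Heuristic (assumption of this example): when the transition kept the
        # user and role and only swapped the type, the role/type pairing is the
        # first thing to check, i.e. the RBAC case described in the reply.
        hint = "role-type" if changed == ["type"] else "inspect-manually"
        findings.append({
            "stamp": m["stamp"],
            "from_domain": src["type"],
            "entrypoint": split_context(m["tgt"])["type"],
            "changed": changed,
            "suspect": (new["role"], new["type"]),
            "hint": hint,
        })
    return findings

if __name__ == "__main__":
    for f in explain_invalid_contexts(SAMPLE_LOG):
        print(f"{f['stamp']}: {f['from_domain']} -> {f['suspect'][1]} via "
              f"{f['entrypoint']}; check {f['hint']} for role {f['suspect'][0]}")
```

On a host with setools installed, `seinfo -r unconfined_r -x` lists the types the loaded policy authorizes for that role, which confirms or rules out the hint.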