Re: Odd user/group identity lookup problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

John Florian/EngMOp/MAS/DCC wrote on 10/04/2012 14:50:10:
> I'm building F18 images with livecd-creator on F18 and for the first
> build attempt after boot, I see many unexpected errors like this
> snippet shows:
>
> [snip]
>   Installing: libsemanage                  ##################### [315/492]
>   Installing: shadow-utils                 ##################### [316/492]
> groupadd: failure while writing changes to /etc/group
> groupadd: failure while writing changes to /etc/group
>   Installing: libutempter                  ###                  
> [317/492]warning: group utempter does not exist - using root
> warning: group utmp does not exist - using root
>   Installing: libutempter                  ##################### [317/492]
> [snip]
>   Installing: parted                       ##################### [331/492]
> groupadd: failure while writing changes to /etc/group
> useradd: group 'dhcpd' does not exist
>   Installing: dhcp                         ####################  
> [332/492]warning: user dhcpd does not exist - using root
> warning: group dhcpd does not exist - using root
> warning: user dhcpd does not exist - using root
> warning: group dhcpd does not exist - using root
> warning: user dhcpd does not exist - using root
> warning: group dhcpd does not exist - using root
>   Installing: dhcp                         ##################### [332/492]
> [snip]
>   Installing: os-prober                    ##################### [335/492]
> groupadd: failure while writing changes to /etc/group
>   Installing: openssh                      ##########            
> [336/492]warning: group ssh_keys does not exist - using root
> [snip]
>   Installing: samba-common                 ##################### [338/492]
> Failed to initialize SELinux context: No such file or directory
>   Installing: iputils                      ##################### [339/492]
> [snip]
>   Installing: mesa-dri-drivers             ##################### [347/492]
> groupadd: failure while writing changes to /etc/group
> useradd: group 'polkitd' does not exist
>   Installing: polkit                                            
> [348/492]warning: user polkitd does not exist - using root
> [snip]
>   Installing: alsa-utils                   ##################### [354/492]
> error: %pre(rpcbind-0.2.0-17.fc18.i686) scriptlet failed, exit status 6
> error: rpcbind-0.2.0-17.fc18.i686: install failed
> groupadd: failure while writing changes to /etc/group
> useradd: group 'chrony' does not exist
>   Installing: chrony                                            
> [356/492]warning: group chrony does not exist - using root
>   Installing: chrony                       ####################  
> [356/492]warning: user chrony does not exist - using root
> warning: group chrony does not exist - using root
> warning: user chrony does not exist - using root
> warning: group chrony does not exist - using root
>   Installing: chrony                       ##################### [356/492]
> [snip]
>
> If I let it run through to completion and rerun the exact same
> command again, everything works normally.  I used to see this
> behavior for every build attempt prior to sssd coming along when I
> was still using nscd, if nscd was running.  Back then I'd have to
> stop nscd for the duration of the build.  I never had such a problem
> with sssd, but this looks eerily familiar now with F18 (where I'm
> still using sssd instead of nscd).
>
> Has anyone else seen something similar, or is this a known bug?  I
> have not had a chance to dig into this yet, but I've been seeing
> this with F18 since before Alpha was out.
>
> PS.  FWIW, this F18 box started life as F17 and was been yum distro-
> sync'd and kept updated.

I believe I've already found the problem.  On the host running livecd-creator, I'm seeing AVCs like:

type=AVC msg=audit(1349382348.700:114): avc:  denied  { read } for  pid=2748 comm="groupadd" name="run" dev="loop0" ino=16053 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file
type=AVC msg=audit(1349382348.700:115): avc:  denied  { read } for  pid=2748 comm="groupadd" name="run" dev="loop0" ino=16053 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file
type=ADD_GROUP msg=audit(1349382351.086:116): pid=2748 uid=0 auid=10325 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/gshadow acct="utmp" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=pts/0 res=failed'
type=ADD_GROUP msg=audit(1349382351.087:117): pid=2748 uid=0 auid=10325 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding group to /etc/group acct="utmp" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=pts/0 res=failed'
type=ADD_GROUP msg=audit(1349382351.087:118): pid=2748 uid=0 auid=10325 ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= acct="utmp" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=pts/0 res=failed'

Why it only affects the first run of livecd-creator, I do not understand.  It looks like I'm being bitten by https://bugzilla.redhat.com/show_bug.cgi?id=858373.
--
John Florian 
-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux