Re: Odd user/group identity lookup problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 2012-10-06 at 06:45 -0400, Daniel J Walsh wrote:
> On 10/04/2012 10:12 PM, Adam Williamson wrote:
> > On Thu, 2012-10-04 at 16:32 -0400, John.Florian@xxxxxxxx wrote:
> > 
> >> I believe I've already found the problem.  On the host running 
> >> livecd-creator, I'm seeing AVCs like:
> > 
> > Yeah, it's selinux. I've just been running setenforce Permissive when I 
> > want to build live images. That used to be how it was for years anyhow, it
> > only started working in Enforcing mode a couple of releases back, so I
> > didn't figure it was a major issue.
> > 
> What AVC's are you seeing?

SELinux is preventing /usr/sbin/useradd from read access on the lnk_file
run.

type=AVC msg=audit(1349476458.298:737): avc:  denied  { read } for
pid=10030 comm="useradd" name="run" dev="loop0" ino=1094
scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file

type=SYSCALL msg=audit(1349476458.298:737): arch=x86_64 syscall=connect
success=no exit=ENOENT a0=5 a1=7fff5acdbc10 a2=6e a3=100 items=0
ppid=10025 pid=10030 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts2 ses=1 comm=useradd exe=/usr/sbin/useradd
subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 key=(null)

------------------------

type=AVC msg=audit(1349476460.104:739): avc:  denied  { read } for
pid=10090 comm="groupadd" name="run" dev="loop0" ino=1094
scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file


type=SYSCALL msg=audit(1349476460.104:739): arch=x86_64 syscall=connect
success=no exit=ENOENT a0=4 a1=7fffac61a650 a2=6e a3=400 items=0
ppid=10088 pid=10090 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts2 ses=1 comm=groupadd exe=/usr/sbin/groupadd
subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 key=(null)

Happens each time a package being installed into the live image
environment tries to create a user or group.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux