On Sat, 2012-10-06 at 06:45 -0400, Daniel J Walsh wrote: > On 10/04/2012 10:12 PM, Adam Williamson wrote: > > On Thu, 2012-10-04 at 16:32 -0400, John.Florian@xxxxxxxx wrote: > > > >> I believe I've already found the problem. On the host running > >> livecd-creator, I'm seeing AVCs like: > > > > Yeah, it's selinux. I've just been running setenforce Permissive when I > > want to build live images. That used to be how it was for years anyhow, it > > only started working in Enforcing mode a couple of releases back, so I > > didn't figure it was a major issue. > > > What AVC's are you seeing? SELinux is preventing /usr/sbin/useradd from read access on the lnk_file run. type=AVC msg=audit(1349476458.298:737): avc: denied { read } for pid=10030 comm="useradd" name="run" dev="loop0" ino=1094 scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1349476458.298:737): arch=x86_64 syscall=connect success=no exit=ENOENT a0=5 a1=7fff5acdbc10 a2=6e a3=100 items=0 ppid=10025 pid=10030 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm=useradd exe=/usr/sbin/useradd subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 key=(null) ------------------------ type=AVC msg=audit(1349476460.104:739): avc: denied { read } for pid=10090 comm="groupadd" name="run" dev="loop0" ino=1094 scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file type=SYSCALL msg=audit(1349476460.104:739): arch=x86_64 syscall=connect success=no exit=ENOENT a0=4 a1=7fffac61a650 a2=6e a3=400 items=0 ppid=10088 pid=10090 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm=groupadd exe=/usr/sbin/groupadd subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 key=(null) Happens each time a package being installed into the live image environment tries to create a user or group. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test