Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 132739
| Summary: | SELinux interferes with authconfig (nscd) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Daniel Reed <djr> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3 | CC: | drepper, walters |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-10-30 05:16:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 130887, 133652 | ||
Fixed in selinux-policy-targeted-1.17.19-2 I certainly have nscd now running with the targeted policy. Closing. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040809 Epiphany/1.3.8 Description of problem: Stopping portmap: [ OK ] Starting portmap: audit(1095348109.539:0): avc: denied { read write } for pid=4082 exe=/sbin/portmap name=tty1 dev=tmpfs ino=1443 scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t tclass=chr_file audit(1095348109.542:0): avc: denied { read write } for pid=4082 exe=/sbin/portmap path=/dev/tty1 dev=tmpfs ino=1443 scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t tclass=chr_file [ OK ] Binding to the NIS domain: [ OK ] Listening for an NIS domain server. Stopping nscd: audit(1095348110.117:0): avc: denied { search } for pid=4119 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696 scontext=root:system_r:nscd_t tcontext=system_u:object_r:selinux_config_t tclass=dir audit(1095348110.124:0): avc: denied { read } for pid=4119 exe=/usr/sbin/nscd name=mounts dev=proc ino=269942800 scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file audit(1095348110.132:0): avc: denied { read } for pid=4119 exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451 scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t tclass=file [FAILED] Starting nscd: audit(1095348110.165:0): avc: denied { search } for pid=4124 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696 scontext=root:system_r:nscd_t tcontext=system_u:object_r:selinux_config_t tclass=dir audit(1095348110.176:0): avc: denied { read } for pid=4124 exe=/usr/sbin/nscd name=mounts dev=proc ino=270270480 scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file audit(1095348110.189:0): avc: denied { read } for pid=4124 exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451 scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t tclass=file [FAILED] Version-Release number of selected component (if applicable): selinux-policy-targeted-1.17.16-2 Steps to Reproduce: 1. Install FC3-re0915.2 2. Do not specify any network ident./auth. during firstboot 3. Run authconfig from console 4. Specify caching, NIS, and Kerberos Actual Results: Identity and authentication services do reconfigure properly, but there is a large spew, and nscd fails to start.