Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 132739 - SELinux interferes with authconfig (nscd)
Summary: SELinux interferes with authconfig (nscd)
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC3Blocker FC3BugWeekQA
TreeView+ depends on / blocked
 
Reported: 2004-09-16 15:32 UTC by Daniel Reed
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-10-30 05:16:39 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Daniel Reed 2004-09-16 15:32:13 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040809 Epiphany/1.3.8

Description of problem:
Stopping portmap:                                          [  OK  ]
Starting portmap: audit(1095348109.539:0): avc:  denied  { read write
} for  pid=4082 exe=/sbin/portmap name=tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
audit(1095348109.542:0): avc:  denied  { read write } for  pid=4082
exe=/sbin/portmap path=/dev/tty1 dev=tmpfs ino=1443
scontext=root:system_r:portmap_t tcontext=root:object_r:tty_device_t
tclass=chr_file
                                                           [  OK  ]
Binding to the NIS domain:                                 [  OK  ]
Listening for an NIS domain server.
Stopping nscd: audit(1095348110.117:0): avc:  denied  { search } for 
pid=4119 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.124:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=mounts dev=proc ino=269942800
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.132:0): avc:  denied  { read } for  pid=4119
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]
Starting nscd: audit(1095348110.165:0): avc:  denied  { search } for 
pid=4124 exe=/usr/sbin/nscd name=selinux dev=hda3 ino=98696
scontext=root:system_r:nscd_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
audit(1095348110.176:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=mounts dev=proc ino=270270480
scontext=root:system_r:nscd_t tcontext=root:system_r:nscd_t tclass=file
audit(1095348110.189:0): avc:  denied  { read } for  pid=4124
exe=/usr/sbin/nscd name=filesystems dev=proc ino=-268435451
scontext=root:system_r:nscd_t tcontext=system_u:object_r:proc_t
tclass=file
                                                           [FAILED]


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.16-2

Steps to Reproduce:
1. Install FC3-re0915.2
2. Do not specify any network ident./auth. during firstboot
3. Run authconfig from console
4. Specify caching, NIS, and Kerberos
    

Actual Results:  Identity and authentication services do reconfigure
properly, but there is a large spew, and nscd fails to start.
Comment 1 Daniel Walsh 2004-09-21 20:48:56 UTC 
Fixed in selinux-policy-targeted-1.17.19-2
Comment 3 Ulrich Drepper 2004-10-30 05:16:39 UTC 
I certainly have nscd now running with the targeted policy.  Closing.
Note You need to log in before you can comment on or make changes to this bug.