Various problems on fresh FC2 install

David Balazic david.balazic at hermes.si
Sat Jun 12 11:34:25 UTC 2004


Hi!

I discovered more problems with SELinux. I will describe each and wait for
your comment ;-)

This is all on a fresh clean install of FC2 with SELinux enabled. (I did
once run "fixfiles relabel".)

========

root under context root:staff_r:staff_t cannot use rpm -q:

NOTE: only when writing this mail I noticed that it actually prints
the expected output. Are the audit messages a problem?
I think I did not see them when running under the root:sysadm_r:sysadm_t
context.


Fedora Core release 2 (Tettnang)
Kernel 2.6.5-1.358 on an i686

localhost login: root
Password:
Your default context is root:sysadm_r:sysadm_t.

Do you want to choose a different one? [n]y
[2] root:staff_r:staff_t
Enter number of choice: 2
Last login: Fri Jun 11 19:37:37 on tty2
[root@localhost root]# rpm -q kernel
audit(1086975532.470:0): avc:  denied  { dac_override } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=1 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
audit(1086975532.470:0): avc:  denied  { dac_read_search } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=2 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
audit(1086975532.472:0): avc:  denied  { dac_override } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=1 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
audit(1086975532.472:0): avc:  denied  { dac_read_search } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=2 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
audit(1086975532.489:0): avc:  denied  { dac_override } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=1 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
audit(1086975532.489:0): avc:  denied  { dac_read_search } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=2 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
kernel-2.6.5-1.358
kernel-2.4.22-1.2061.nptl
[root@localhost root]#
========

grub fails with the default root root:sysadm_r:sysadm_t :

[root@localhost root]# grub
Probing devices to guess BIOS drives. This may take a long time.
audit(1086973995.955:0): avc:  denied  { read } for  pid=2576 exe=/sbin/grub
name=linux dev=hde2 ino=148612 scontext=root:sysadm_r:bootloader_t
tcontext=system_u:object_r:usr_t tclass=file
Error opening terminal: linux.
[root@localhost root]#

it works with [2] root:staff_r:staff_t

grub-install does not work at all :

[root@localhost root]# grub-install  /dev/hde # this is root:staff_r:staff_t
audit(1086974024.461:0): avc:  denied  { write } for  pid=3140 exe=/bin/rm
name=grub dev=hde1 ino=9841 scontext=root:staff_r:staff_t
tcontext=system_u:object_r:boot_t tclass=dir
rm: cannot remove `/boot/grub/stage1': Permission denied
[root@localhost root]#

[root@localhost root]# grub-install  /dev/hde # root:sysadm_r:sysadm_t
audit(1086974089.530:0): avc:  denied  { read } for  pid=3193 exe=/bin/cp
name=stage1 dev=hde2 ino=180241 scontext=root:sysadm_r:bootloader_t
tcontext=system_u:object_r:usr_t tclass=file
cp: cannot open `/usr/share/grub/i386-redhat/stage1' for reading: Permission
denied

==================

tvtime cannot access /dev/rtc and /dev/video0:

[stein@localhost stein]$ tvtime
Running tvtime 0.9.12.
rtctimer: Cannot open /dev/rtc: Permission denied
rtctimer: Cannot open /dev/misc/rtc: No such file or directory
 
    Enhanced Real Time Clock support in your kernel is necessary for
    smooth video.  We strongly recommend that you load the 'rtc' kernel
    module before starting tvtime, and make sure that your user has
    access to the device file (/dev/rtc or /dev/misc/rtc).  See our
    support page at http://tvtime.net/ for more information.
 
Reading configuration from /etc/tvtime/tvtime.xml
Reading configuration from /home/stein/.tvtime/tvtime.xml
videoinput: Cannot open capture device /dev/video0: Permission denied
Thank you for using tvtime.
[stein@localhost stein]$ rpm -q tvtime
tvtime-0.9.12-5

==================

Regards,
David
----------------------------------------------------------------------------
-----------
http://noepatents.org/           Innovation, not litigation !
---
David Balazic                      mailto:david.balazic at hermes.si
HERMES Softlab                 http://www.hermes-softlab.com
Zagrebska cesta 104            Phone: +386 2 450 8851 
SI-2000 Maribor
Slovenija
----------------------------------------------------------------------------
-----------
"Be excellent to each other." -
Bill S. Preston, Esq. & "Ted" Theodore Logan
----------------------------------------------------------------------------
-----------
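
An added example (not part of the original message, and not code from any SELinux tool): a small Python parser that rejoins the mail-wrapped AVC denials quoted above and counts them per executable, source type, target type, class and permission. The function names are hypothetical, and it assumes each record starts with `audit(` and ends at its `tclass=` field, as the records in this message do.

```python
import re
from collections import Counter
# AVC denials copied from the message above, still hard-wrapped as mailed.
SAMPLE = """\
audit(1086975532.470:0): avc:  denied  { dac_override } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=1 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
audit(1086975532.470:0): avc:  denied  { dac_read_search } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=2 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
audit(1086975532.472:0): avc:  denied  { dac_override } for  pid=2612
exe=/usr/lib/rpm/rpmq capability=1 scontext=root:staff_r:staff_t
tcontext=root:staff_r:staff_t tclass=capability
audit(1086973995.955:0): avc:  denied  { read } for  pid=2576 exe=/sbin/grub
name=linux dev=hde2 ino=148612 scontext=root:sysadm_r:bootloader_t
tcontext=system_u:object_r:usr_t tclass=file
Error opening terminal: linux.
"""
HEAD = re.compile(r"audit\(([\d.]+):\d+\): avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(text):
    """Rejoin wrapped records (each ends at tclass=) and split them into fields."""
    records, buf = [], None
    for line in text.splitlines():
        if line.startswith("audit("):
            buf = line.strip()                 # start of a new record
        elif buf is not None:
            buf += " " + line.strip()          # continuation of a wrapped record
        if buf is None or not re.search(r"\btclass=\S+", buf):
            continue                           # program output, or record incomplete
        if m := HEAD.match(buf):
            rec = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            rec["perms"] = m.group(2).split()
            records.append(rec)
        buf = None
    return records

def summarize(records):
    """Count denials per (exe, source type, target type, class, permission)."""
    counts = Counter()
    for r in records:
        src, tgt = r["scontext"].split(":")[2], r["tcontext"].split(":")[2]
        for perm in r["perms"]:
            counts[(r.get("exe"), src, tgt, r["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(parse_avc(SAMPLE)).most_common():
        print(n, *key)
```

The summary makes the source domain of each denial explicit: the grub record is logged under `bootloader_t` even though the shell was running as `sysadm_t`.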
More information about the fedora-selinux-list mailing list