SELINUX_ERR during update of libgnome
Daniel J Walsh
dwalsh at redhat.com
Fri Dec 21 05:58:23 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tom London wrote:
> More from today's update, this time running permissive:
>
> type=SELINUX_ERR msg=audit(1198161003.852:35): security_compute_sid:
> invalid context unconfined_u:unconfined_r:useradd_t:s0 for
> scontext=unconfined_u:unconfined_r:rpm_script_t:s0
> tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process
> type=SYSCALL msg=audit(1198161003.852:35): arch=40000003 syscall=11
> success=yes exit=0 a0=81c0ee8 a1=81c0248 a2=81bfbc8 a3=0 items=0
> ppid=4036 pid=4037 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts0 comm="useradd" exe="/usr/sbin/useradd"
> subj=unconfined_u:unconfined_r:useradd_t:s0 key=(null)
> type=USER_CHAUTHTOK msg=audit(1198161003.958:36): user pid=4037 uid=0
> auid=500 subj=unconfined_u:unconfined_r:useradd_t:s0 msg='op=adding
> user acct=gdm exe="/usr/sbin/useradd" (hostname=?, addr=?, terminal=?
> res=failed)'
> type=SELINUX_ERR msg=audit(1198161003.960:37): security_compute_sid:
> invalid context unconfined_u:unconfined_r:useradd_t:s0 for
> scontext=unconfined_u:unconfined_r:rpm_script_t:s0
> tcontext=system_u:object_r:useradd_exec_t:s0 tclass=process
> type=SYSCALL msg=audit(1198161003.960:37): arch=40000003 syscall=11
> success=yes exit=0 a0=81c0058 a1=81bfda0 a2=81bfe38 a3=0 items=0
> ppid=4036 pid=4038 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts0 comm="usermod" exe="/usr/sbin/usermod"
> subj=unconfined_u:unconfined_r:useradd_t:s0 key=(null)
> type=USER_CHAUTHTOK msg=audit(1198161003.993:38): user pid=4038 uid=0
> auid=500 subj=unconfined_u:unconfined_r:useradd_t:s0 msg='op=changing
> user shell acct=gdm exe="/usr/sbin/usermod" (hostname=?, addr=?,
> terminal=? res=success)'
>
> from around here:
> Updating : gtk2-devel ####################### [19/62]
> Updating : gdm ####################### [20/62]
> Updating : ipsec-tools ####################### [21/62]
>
>
> I'd like to understand the issue here.
>
> Is the error message saying that a transition to
> unconfined_u:unconfined_r:useradd_t:s0 from
> scontext=unconfined_u:unconfined_r:rpm_script_t:s0 hasn't be allowed?
>
> tom
Yes this is saying the unconfined_r:rpm_script_t can not transition to
unconfined_r:useradd_t
This is an RBAC problem. Tomorrows policy will transtion from
unconfined_r to system_r when unconfined_t runs rpm.
This should fix the problem. I am fully turning on RBAC and will
probably have some hiccups.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHa1X+rlYvE4MpobMRAmqmAJ9frDkWz/m+fK/LrhaQvNSq18HlQgCgo8C1
qTnOhZyX46wY4laQeWDWMyM=
=JjwJ
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list