Project

General

Profile

Bug #7021

When SELinux is enabled, the ncf-api-venv home is owned by root

Added by Alexis MOUSSET over 5 years ago. Updated over 5 years ago.

Status:
Released
Priority:
N/A
Assignee:
Matthieu CERDA
Category:
System integration
Target version:
Severity:
User visibility:
Effort required:
Priority:

Description

type=AVC msg=audit(1437489622.784:688): avc:  denied  { setattr } for  pid=4835 comm="useradd" name="ncf-api-venv" dev="dm-1" ino=135910344 scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1437489622.784:688): arch=c000003e syscall=92 success=no exit=-13 a0=7fff598f08e6 a1=3e5 a2=3e4 a3=6165726373662f72 items=0 ppid=4833 pid=4835 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1437489622.784:689): avc:  denied  { setattr } for  pid=4835 comm="useradd" name="ncf-api-venv" dev="dm-1" ino=135910344 scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1437489622.784:689): arch=c000003e syscall=90 success=no exit=-13 a0=7fff598f08e6 a1=1c0 a2=0 a3=3f items=0 ppid=4833 pid=4835 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 key=(null)
type=ADD_USER msg=audit(1437489622.784:690): pid=4835 uid=0 auid=1000 ses=5 subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 msg='op=adding home directory id=997 exe="/usr/sbin/useradd" hostname=? addr=? terminal=? res=success'
type=AVC msg=audit(1437489622.784:691): avc:  denied  { create } for  pid=4835 comm="useradd" name=".bash_logout" scontext=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1437489622.784:691): arch=c000003e syscall=2 success=no exit=-13 a0=7fa36fbb9c90 a1=241 a2=1a4 a3=6165726373662f72 items=0 ppid=4833 pid=4835 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5 comm="useradd" exe="/usr/sbin/useradd" subj=unconfined_u:system_r:useradd_t:s0-s0:c0.c1023 key=(null)

Related issues

Related to Rudder - Bug #7019: Could not upload inventory when SELinux is enabledReleasedBenoît PECCATTE2015-07-30Actions

Also available in: Atom PDF