Summary: | chsh doesn't work in enforcing mode in ~arch | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Amadeusz Sławiński <amade> |
Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
Status: | VERIFIED FIXED | ||
Severity: | normal | CC: | selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | sec-policy r12 upstream | ||
Package list: | Runtime testing required: | --- |
Description
Amadeusz Sławiński
2013-01-23 19:25:52 UTC
It also seems to require rights to execute nscd to flush its cache:

"""
# chsh
Changing the login shell for root
Enter the new value, or press ENTER for the default
Login Shell [/bin/sh]: /bin/bash
chsh: cannot execute /usr/sbin/nscd: Permission denied
chsh: nscd exited with status 126
chsh: Failed to flush the nscd cache.
chsh: cannot execute /usr/sbin/nscd: Permission denied
chsh: nscd exited with status 126
chsh: Failed to flush the nscd cache.
chsh: cannot execute /usr/sbin/nscd: Permission denied
chsh: nscd exited with status 126
chsh: Failed to flush the nscd cache.
"""

Denials:

"""
type=AVC msg=audit(1359292385.975:238): avc: denied { execute } for pid=4814 comm="chsh" name="nscd" dev="dm-3" ino=1318296 scontext=root:sysadm_r:chfn_t tcontext=system_u:object_r:nscd_exec_t tclass=file
type=AVC msg=audit(1359292435.537:256): avc: denied { execute } for pid=4833 comm="chsh" name="nscd" dev="dm-3" ino=1318296 scontext=root:staff_r:chfn_t tcontext=system_u:object_r:nscd_exec_t tclass=file
type=AVC msg=audit(1359292435.541:257): avc: denied { execute } for pid=4834 comm="chsh" name="nscd" dev="dm-3" ino=1318296 scontext=root:staff_r:chfn_t tcontext=system_u:object_r:nscd_exec_t tclass=file
type=AVC msg=audit(1359292435.546:258): avc: denied { execute } for pid=4835 comm="chsh" name="nscd" dev="dm-3" ino=1318296 scontext=root:staff_r:chfn_t tcontext=system_u:object_r:nscd_exec_t tclass=file
"""

Fixed in repo, will be in r12

rev 12 in main tree, ~arch'ed

stabilized
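Added example, not part of the bug report or of the Gentoo policy: a small Python triage script that collapses AVC denials like the ones quoted above into unique (source type, target type, class) tuples and prints the access each tuple is missing, similar in spirit to what audit2allow reports. The sample lines are two of the denials from the report; the function names are hypothetical, and the printed rule is only what the denials literally imply, not the change that went into r12.

```python
import re
from collections import defaultdict

# Two of the denials quoted in the report, embedded so the script runs offline.
SAMPLE = '''\
type=AVC msg=audit(1359292385.975:238): avc: denied { execute } for pid=4814 comm="chsh" name="nscd" dev="dm-3" ino=1318296 scontext=root:sysadm_r:chfn_t tcontext=system_u:object_r:nscd_exec_t tclass=file
type=AVC msg=audit(1359292435.537:256): avc: denied { execute } for pid=4833 comm="chsh" name="nscd" dev="dm-3" ino=1318296 scontext=root:staff_r:chfn_t tcontext=system_u:object_r:nscd_exec_t tclass=file
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:mls] security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError(f'malformed context: {context!r}')
    return parts[2]

def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    rules = defaultdict(lambda: {'perms': set(), 'roles': set(), 'count': 0})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # skip non-AVC records and granted accesses
        key = (context_type(m['scon']), context_type(m['tcon']), m['tclass'])
        entry = rules[key]
        entry['perms'].update(m['perms'].split())
        entry['roles'].add(m['scon'].split(':')[1])  # roles the denial was seen under
        entry['count'] += 1
    return dict(rules)

def allow_rules(rules):
    """Render each group as the allow rule the denials literally imply."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(v['perms']))} }};"
            for (s, t, c), v in sorted(rules.items())]

if __name__ == '__main__':
    grouped = summarize(SAMPLE)
    for key, info in grouped.items():
        print(key, 'count:', info['count'], 'roles:', sorted(info['roles']))
    print('\n'.join(allow_rules(grouped)))
```

Grouping by type rather than by full context shows that the `sysadm_r` and `staff_r` denials are the same missing access in the `chfn_t` domain.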