Odd user/group identity lookup problem

John.Florian at dart.biz John.Florian at dart.biz
Thu Oct 4 20:32:10 UTC 2012 

John Florian/EngMOp/MAS/DCC wrote on 10/04/2012 14:50:10:
> I'm building F18 images with livecd-creator on F18 and for the first
> build attempt after boot, I see many unexpected errors like this 
> snippet shows:
> 
> [snip]
>   Installing: libsemanage                  ##################### 
[315/492] 
>   Installing: shadow-utils                 ##################### 
[316/492] 
> groupadd: failure while writing changes to /etc/group
> groupadd: failure while writing changes to /etc/group
>   Installing: libutempter                  ### 
> [317/492]warning: group utempter does not exist - using root
> warning: group utmp does not exist - using root
>   Installing: libutempter                  ##################### 
[317/492] 
> [snip]
>   Installing: parted                       ##################### 
[331/492] 
> groupadd: failure while writing changes to /etc/group
> useradd: group 'dhcpd' does not exist
>   Installing: dhcp                         #################### 
> [332/492]warning: user dhcpd does not exist - using root
> warning: group dhcpd does not exist - using root
> warning: user dhcpd does not exist - using root
> warning: group dhcpd does not exist - using root
> warning: user dhcpd does not exist - using root
> warning: group dhcpd does not exist - using root
>   Installing: dhcp                         ##################### 
[332/492] 
> [snip]
>   Installing: os-prober                    ##################### 
[335/492] 
> groupadd: failure while writing changes to /etc/group
>   Installing: openssh                      ########## 
> [336/492]warning: group ssh_keys does not exist - using root
> [snip]
>   Installing: samba-common                 ##################### 
[338/492] 
> Failed to initialize SELinux context: No such file or directory
>   Installing: iputils                      ##################### 
[339/492] 
> [snip]
>   Installing: mesa-dri-drivers             ##################### 
[347/492] 
> groupadd: failure while writing changes to /etc/group
> useradd: group 'polkitd' does not exist
>   Installing: polkit 
> [348/492]warning: user polkitd does not exist - using root
> [snip]
>   Installing: alsa-utils                   ##################### 
[354/492] 
> error: %pre(rpcbind-0.2.0-17.fc18.i686) scriptlet failed, exit status 6
> error: rpcbind-0.2.0-17.fc18.i686: install failed
> groupadd: failure while writing changes to /etc/group
> useradd: group 'chrony' does not exist
>   Installing: chrony 
> [356/492]warning: group chrony does not exist - using root
>   Installing: chrony                       #################### 
> [356/492]warning: user chrony does not exist - using root
> warning: group chrony does not exist - using root
> warning: user chrony does not exist - using root
> warning: group chrony does not exist - using root
>   Installing: chrony                       ##################### 
[356/492] 
> [snip]
> 
> If I let it run through to completion and rerun the exact same 
> command again, everything works normally.  I used to see this 
> behavior for every build attempt prior to sssd coming along when I 
> was still using nscd, if nscd was running.  Back then I'd have to 
> stop nscd for the duration of the build.  I never had such a problem
> with sssd, but this looks eerily familiar now with F18 (where I'm 
> still using sssd instead of nscd).
> 
> Has anyone else seen something similar, or is this a known bug?  I 
> have not had a chance to dig into this yet, but I've been seeing 
> this with F18 since before Alpha was out.
> 
> PS.  FWIW, this F18 box started life as F17 and was been yum distro-
> sync'd and kept updated.

I believe I've already found the problem.  On the host running 
livecd-creator, I'm seeing AVCs like:

type=AVC msg=audit(1349382348.700:114): avc:  denied  { read } for 
pid=2748 comm="groupadd" name="run" dev="loop0" ino=16053 
scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 
tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file
type=AVC msg=audit(1349382348.700:115): avc:  denied  { read } for 
pid=2748 comm="groupadd" name="run" dev="loop0" ino=16053 
scontext=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 
tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file
type=ADD_GROUP msg=audit(1349382351.086:116): pid=2748 uid=0 auid=10325 
ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding 
group to /etc/gshadow acct="utmp" exe="/usr/sbin/groupadd" hostname=? 
addr=? terminal=pts/0 res=failed'
type=ADD_GROUP msg=audit(1349382351.087:117): pid=2748 uid=0 auid=10325 
ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op=adding 
group to /etc/group acct="utmp" exe="/usr/sbin/groupadd" hostname=? addr=? 
terminal=pts/0 res=failed'
type=ADD_GROUP msg=audit(1349382351.087:118): pid=2748 uid=0 auid=10325 
ses=2 subj=unconfined_u:system_r:groupadd_t:s0-s0:c0.c1023 msg='op= 
acct="utmp" exe="/usr/sbin/groupadd" hostname=? addr=? terminal=pts/0 
res=failed'

Why it only affects the first run of livecd-creator, I do not understand. 
It looks like I'm being bitten by 
https://bugzilla.redhat.com/show_bug.cgi?id=858373.
--
John Florian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/test/attachments/20121004/0fe95634/attachment.html>

More information about the test mailing list