https://bugzilla.redhat.com/show_bug.cgi?id=1109537
Bug ID: 1109537 Summary: gear command line cannot be run with a confined user Product: Fedora Version: 20 Component: geard Assignee: lsm5@redhat.com Reporter: misc@zarb.org QA Contact: extras-qa@fedoraproject.org CC: admiller@redhat.com, golang@lists.fedoraproject.org, lsm5@redhat.com
Description of problem: $ gear zsh: permission denied: gear
$ id -Z staff_u:staff_r:staff_t:s0-s0:c0.c1023
WIth setenforce 0, it work fine.
# rpm -q selinux-policy selinux-policy-3.12.1-166.fc20.noarch
I am not sure if gear can be run as a simple user, but i would at least expect to be able to see the command line options, since there is no manpage.
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
John Skeoch jskeoch@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|lsm5@redhat.com |jkeck@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
Lokesh Mandvekar lsm5@switzerlandmail.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |lsm5@switzerlandmail.ch Assignee|jkeck@redhat.com |lsm5@switzerlandmail.ch
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
Lokesh Mandvekar lsm5@switzerlandmail.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC|jkeck@redhat.com |dwalsh@redhat.com
--- Comment #2 from Lokesh Mandvekar lsm5@switzerlandmail.ch --- Hi Michael,
Is this with the latest build? Works fine for me in Enforcing.
$ id -Z unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ rpm -q selinux-policy selinux-policy-3.13.1-63.fc21.noarch
$ rpm -q geard geard-0-0.13.git6850c8d.fc21.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
--- Comment #3 from Michael Scherer misc@zarb.org --- You are in enforcing, but without a confined user.
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
--- Comment #4 from Lokesh Mandvekar lsm5@switzerlandmail.ch --- argh, I see...nvm me.
Perhaps dwalsh has an answer.
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
Daniel Walsh dwalsh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
--- Comment #5 from Daniel Walsh dwalsh@redhat.com --- Is there a reason for a normal (Non admin) user to run this?
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
--- Comment #6 from Michael Scherer misc@zarb.org --- Well, in my case, it was to read the options and help. I think it can also be used to manage a remote geard agent.
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
--- Comment #7 from Daniel Walsh dwalsh@redhat.com --- Currently we don't allow staff_t to execute all applications, I guess we could allow that.
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
--- Comment #8 from Lokesh Mandvekar lsm5@fedoraproject.org --- Michael,
geard has been retired on fedora. Perhaps this can be closed?
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
--- Comment #9 from Michael Scherer misc@zarb.org --- I guess someone could autoclose all tickets for it, yeah.
https://bugzilla.redhat.com/show_bug.cgi?id=1109537
Lokesh Mandvekar lsm5@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution|--- |WONTFIX Last Closed| |2014-09-28 09:06:26
--- Comment #10 from Lokesh Mandvekar lsm5@fedoraproject.org --- Package retired, bug closed.
golang@lists.fedoraproject.org