
Re: passwd in chroot / You may not view or modify password information for USER



On Mon, Feb 26, 2007 at 03:12:44AM +0000, Steve Kemp wrote:
> On Sun, Feb 25, 2007 at 10:07:48PM -0500, Nelson Castillo wrote:
> 
> > The partition in which the chroot is is not mounted with the nodev option.
> > It's mounted with ext3,defaults, just as / is.
> > 
> > This is the strace I got:
> > 
> > http://wiki.superservicios.gov.co:81/~n/strace.txt
> 
>   Looking that over this appears to be a SELinux thing.
Both FC and Debian have SELinux support. AFAIK, FC has it active by
default ('enforcing mode') while Debian does not. On my sid system, I
have SELinux active but not in 'enforce' mode. This means it does
not stop anything, but logs it if it would.
> 
>   The code obviously reads the current permissions of your
>  user:
> 
>  open("/proc/self/task/25770/attr/current", O_RDONLY|O_LARGEFILE) = 4
>  read(4, "user_u:system_r:unconfined_t:s0-"..., 4095) = 43
>  close(4)                                = 0
'unconfined' means that it is not restricted in what it can do, thus
is only limited by regular unix permissions, which are checked first
anyway.
> 
>   I'm not sure what that means..
> 
>   Later there are two file accesses which fail:
> 
>   open("/selinux/access", O_RDWR|O_LARGEFILE) = -1 ENOENT (No such file or directory)
>   open("/selinux/enforce", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
> 
>   I'd suggest disabling SELinux and seeing if that fixes it, if it
>  does then I guess you get to learn more about using it than I 
>  wish to right now ;)
SELinux uses a virtual filesystem, that is set in /etc/fstab, for
displaying and setting options like /proc. These are saying that this
virtual filesystem is not there.

From my gut, it doesn't seem like SELinux is getting in the way. I'd see
if FC has an option to turn off SELinux as a kernel option or at least to
turn off enforcing mode by using /selinux or changing the policy.
-- 
|  .''`.  == Debian GNU/Linux == |       my web site:           |
| : :' :      The  Universal     |mysite.verizon.net/kevin.mark/|
| `. `'      Operating System    | go to counter.li.org and     |
|   `-    http://www.debian.org/ |    be counted! #238656       |
|   my keysever: subkeys.pgp.net |     my NPO: cfsg.org         |
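
The two lookups visible in the quoted strace (the process context under /proc and the enforce file under /selinux) can be repeated for any root directory, such as a chroot. The script below is an added example, not part of the original message; the function names are hypothetical, and /sys/fs/selinux is included as an assumption for newer kernels that mount selinuxfs there.

```shell
#!/bin/sh
# Added example (not from the thread). ROOT is a directory prefix such as a
# chroot path; empty means the host's own root.
# Usage: selinux_state /path/to/chroot

# Print the SELinux context found in ROOT/proc/self/attr/current, or nothing.
selinux_context() {
    f="$1/proc/self/attr/current"
    [ -r "$f" ] || return 0
    # The value may be NUL-terminated; strip NULs and newlines.
    ctx=$(tr -d '\000\n' < "$f" 2>/dev/null) || ctx=""
    # SELinux contexts look like user:role:type[:level]; ignore other formats.
    case "$ctx" in
        *:*:*) printf '%s\n' "$ctx" ;;
    esac
    return 0
}

# Print the first readable enforce file under ROOT, or nothing.
# /selinux is the path in the thread's strace; /sys/fs/selinux is assumed
# for newer kernels.
enforce_file() {
    for d in /selinux /sys/fs/selinux; do
        if [ -r "$1$d/enforce" ]; then
            printf '%s\n' "$1$d/enforce"
            return 0
        fi
    done
    return 0
}

# Classify what a process whose root is ROOT would see.
selinux_state() {
    root="${1:-}"
    ctx=$(selinux_context "$root")
    ef=$(enforce_file "$root")
    if [ -z "$ef" ]; then
        # Context present but no selinuxfs: the ENOENT pattern in the strace.
        if [ -n "$ctx" ]; then echo "selinuxfs-missing"; else echo "no-selinux"; fi
        return 0
    fi
    case "$(cat "$ef")" in
        1) echo "enforcing" ;;
        0) echo "permissive" ;;
        *) echo "unknown" ;;
    esac
}
```

Running `selinux_state` once with no argument and once with the chroot path shows whether the two environments differ only in the missing selinuxfs mount.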
