Bug 1308698
| Summary: | SELinux file contexts for RHCI ISO | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Thom Carlin <tcarlin> |
| Component: | SELinux | Assignee: | Lukas Zapletal <lzap> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.2.0 | CC: | lvrabec, mgrepl, tcarlin |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-11-23 11:34:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Thom Carlin
2016-02-15 19:22:53 UTC
/root/.config and /root/.Xauthority appear to be GNOME configuration files. I'm unclear why they have the wrong context. The *corrected* file contexts match the policy in the system.

Per QCI devs, switching to Sat 6.

This is a bug in RHEL (SELinux tools) as we use context aliases. We can't do much about it. Asking Mirek to confirm.

(In reply to Lukas Zapletal from comment #8)
> This is a bug in RHEL (SELinux tools) as we use context aliases. We can't do
> much about it. Asking Mirek to confirm.

Could you elaborate it more?

You told me the other day that if there's an alias defined, restorecon might restore the context incorrectly. And that's what I suppose is happening right here.

Anyway I was wrong, this is not the case, sorry and ignore.

Thom, I am unable to reproduce this in Satellite 6.3. Fresh install:

    restorecon -RFvv /etc /usr/share/foreman
    restorecon reset /etc/yum/pluginconf.d/langpacks.conf context system_u:object_r:etc_runtime_t:s0->system_u:object_r:etc_t:s0
    restorecon reset /etc/mail/virtusertable.db context system_u:object_r:etc_mail_t:s0->system_u:object_r:etc_aliases_t:s0
    restorecon reset /etc/mail/access.db context system_u:object_r:etc_mail_t:s0->system_u:object_r:etc_aliases_t:s0
    restorecon reset /etc/mail/domaintable.db context system_u:object_r:etc_mail_t:s0->system_u:object_r:etc_aliases_t:s0
    restorecon reset /etc/mail/mailertable.db context system_u:object_r:etc_mail_t:s0->system_u:object_r:etc_aliases_t:s0
    restorecon reset /etc/mail/aliasesdb-stamp context system_u:object_r:etc_mail_t:s0->system_u:object_r:etc_aliases_t:s0
    restorecon reset /etc/selinux/strict/active context system_u:object_r:semanage_store_t:s0->system_u:object_r:selinux_config_t:s0
    restorecon reset /etc/selinux/strict/active/modules context system_u:object_r:semanage_store_t:s0->system_u:object_r:selinux_config_t:s0
    restorecon reset /etc/chrony.conf.orig context system_u:object_r:etc_runtime_t:s0->system_u:object_r:etc_t:s0
    restorecon reset /etc/beah_beaker.conf.default context system_u:object_r:etc_runtime_t:s0->system_u:object_r:etc_t:s0
    restorecon reset /etc/beah.conf.default context system_u:object_r:etc_runtime_t:s0->system_u:object_r:etc_t:s0

All files are labelled fine. Please provide Satellite 6 reproducer or talk to RHCI devs to fix your policy if you changed something.

lzap: Seems reasonable to me. Since this was opened so long ago and things have changed dramatically with QCI, closing as currentrelease. Will reopen with reproducer or open a new case if this reoccurs.
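When reviewing a relabel run like the one quoted in this thread, it helps to group the changes by type transition and to single out any file whose user, role or level also changed. The script below is an added example, not part of the bug report or of any Red Hat tooling; it parses only the `restorecon reset PATH context OLD->NEW` line format shown above, and its function names and the shortened sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: four lines taken from the restorecon output quoted in this thread.
SAMPLE = """\
restorecon reset /etc/yum/pluginconf.d/langpacks.conf context system_u:object_r:etc_runtime_t:s0->system_u:object_r:etc_t:s0
restorecon reset /etc/mail/virtusertable.db context system_u:object_r:etc_mail_t:s0->system_u:object_r:etc_aliases_t:s0
restorecon reset /etc/mail/access.db context system_u:object_r:etc_mail_t:s0->system_u:object_r:etc_aliases_t:s0
restorecon reset /etc/selinux/strict/active context system_u:object_r:semanage_store_t:s0->system_u:object_r:selinux_config_t:s0
"""

# Contexts contain no whitespace, so the path is everything before " context ".
RESET_RE = re.compile(r"^restorecon reset (?P<path>.+) context (?P<old>\S+)->(?P<new>\S+)$")

def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return tuple(parts) + ("",) * (4 - len(parts))

def parse_resets(text):
    """Return (path, old_context, new_context) per relabel line; skip other lines."""
    matches = (RESET_RE.match(line.strip()) for line in text.splitlines())
    return [(m["path"], m["old"], m["new"]) for m in matches if m]

def type_transitions(text):
    """Group relabelled paths by (old_type, new_type)."""
    groups = defaultdict(list)
    for path, old, new in parse_resets(text):
        groups[(split_context(old)[2], split_context(new)[2])].append(path)
    return dict(groups)

def non_type_changes(text):
    """Paths whose user, role or level changed, not only the type."""
    changed = []
    for path, old, new in parse_resets(text):
        o, n = split_context(old), split_context(new)
        if (o[0], o[1], o[3]) != (n[0], n[1], n[3]):
            changed.append(path)
    return changed

if __name__ == "__main__":
    for (old_t, new_t), paths in sorted(type_transitions(SAMPLE).items()):
        print(f"{old_t} -> {new_t}: {len(paths)} file(s): {', '.join(paths)}")
```

Feeding it the output of a dry run (`restorecon -n` together with `-v`) gives the same summary without changing any labels.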