Bug 133380

Summary: rc.sysinit needs extra parameter when running restorecon for SE Linux
Product: [Fedora] Fedora Reporter: Russell Coker <russell>
Component: initscriptsAssignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-09-23 18:32:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 131774    

Description Russell Coker 2004-09-23 16:53:25 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko)

Description of problem:
/sbin/restorecon  /dev/* 2> /dev/null

The above line is currently in rc.sysinit to label tmpfs /dev.  It needs to be replaced with the below line to allow LVM systems to boot with strict policy.

/sbin/restorecon  /dev/* /dev/*/* 2> /dev/null


Version-Release number of selected component (if applicable):
7.82-1

How reproducible:
Always

Steps to Reproduce:
Install the strict policy on a system with LVM root and watch it fail to boot in enforcing mode.

Additional info:

Comment 1 Russell Coker 2004-09-23 17:15:13 UTC
/sbin/restorecon  /dev/* /dev/.udev.tdb /dev/*/* 2> /dev/null 
 
Actually it should be the above.  Sorry, I fixed one bug only to 
find another. 
 
Also don't bother testing the fix, with the current policy in 
rawhide it probably won't work anyway (any situation in which it's 
needed things won't work). 

Comment 2 Bill Nottingham 2004-09-23 18:32:02 UTC
Fixed in CVS.