+++ This bug was initially created as a clone of Bug #1596499 +++
Description of problem:
During python3 adaptation in Fedora we've split /usr/sbin/rhn_check binary into /usr/sbin/rhn_check-$SUFFIX, where $SUFFIX is Python version (e.g 2.6 for el6 or 3.6 for F28) and into /usr/sbin/rhn_check which is a symlink to to /usr/sbin/rhn_check-$SUFFIX.
E.g. what has previously been:
ls -lZ /usr/sbin/rhn_check*
-rwxr-xr-x. root root system_u:object_r:rpm_exec_t:s0 /usr/sbin/rhn_check
Is now:
ls -lZ /usr/sbin/rhn_check*
lrwxrwxrwx. 1 root root system_u:object_r:bin_t:s0 13 May 30 11:41 /usr/sbin/rhn_check -> rhn_check-3.6
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:s0 15755 May 30 11:41 /usr/sbin/rhn_check-3.6
However the SELinux context has not yet been updated as new version has bin_t, instead rpm_exec_t which /usr/sbin/rhn_check previously had which causes some issues when rhn_check is executed by a daemon (rhnsd).
Version-Release number of selected component (if applicable):
rhn-client-tools-2.9.8-1.fc28.noarch
selinux-policy-targeted-3.14.1-32.fc28.noarch
How reproducible:
always
Steps to Reproduce:
1. install e.g. rhn-client-tools-2.7.16-1 which have just /usr/sbin/rhn_check
2. check context of /usr/sbin/rhn_check, it is: system_u:object_r:rpm_exec_t:s0
3. install latest version of rhn-client-tools which has python2/python3 split
4. /usr/sbin/rhn_check* has incorrect context as /usr/sbin/rhn_check is a symlink to actual binary.
Actual results:
Incorrect context for /usr/sbin/rhn_check*
Expected results:
/usr/sbin/rhn_check* has following context
system_u:object_r:rpm_exec_t:s0
Additional info:
Affects all versions of Fedora, RHEL as this change on our side has been done for all versions of Fedora and RHEL.
RHEL-6 is already in production phase 3, which means that only Critical impact Security Advisories and selected Urgent Priority Bug Fix Advisories may be addressed. Please see https://access.redhat.com/support/policy/updates/errata#Production_3_Phase for further information.
Since this bug does not meet the criteria, we'll close it as WONTFIX. Feel free to discuss this Bug with (Product Management)/Support Representative, if this is a critical issue for the customer/for you. Please provide business justification in such case.
This issue is fixed in Red Hat Enterprise Linux version 6+1/Fedora Rawhide/newer upstream release/is being tracked upstream.