Bug 159946

Summary: New SELinux Targeted policy changes type for /var/log
Product: Red Hat Enterprise Linux 4
Reporter: Peter Snoblin <peter.snoblin>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG
Severity: low
Priority: medium
Version: 4.0
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-06-09 18:14:33 UTC

Description Peter Snoblin 2005-06-09 15:54:30 UTC

Description of problem:
The latest update to selinux-policy-targeted changed the type specified for /var/log from var_log_t to home_root_t. These changes occurred in /etc/selinux/targeted/src/policy/file_contexts/file_contexts.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.88

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to selinux-policy-targeted-1.17.30-2.88
2. Run restorecon -R /var/log

Actual Results:  The type of /var/log was set to home_root_t.

Expected Results:  The type of /var/log should have been var_log_t.

Additional info:

This doesn't seem to be a problem for the policies set forth in the selinux-policy-targeted package; however, it was an issue as we use a custom policy to govern snort.

Comment 1 Peter Snoblin 2005-06-09 16:08:30 UTC
I just pushed the update to another box, with a nearly identical configuration.
The odd thing here is that this issue did not arise on this second system. The
changes in question were nowhere to be found, and the labeling on /var/log
remained as it should. Yet, on the first machine, this was not an issue until
the upgrade. I'm not sure what's going on here...

Comment 2 Daniel Walsh 2005-06-09 17:55:01 UTC
Do you have an entry in /etc/passwd with a homedir in /var/log?

Dan

Comment 3 Peter Snoblin 2005-06-09 18:05:24 UTC
One, the 'snort' user has a homedir at '/var/log/snort' -- however this user
exists on both systems, and the sole difference between the two is the uid.

Comment 4 Daniel Walsh 2005-06-09 18:10:40 UTC
If the snort UID is > 500 and has a shell of something other than /sbin/nologin
or /bin/false, this could happen. Change the UID or the shell and reload
policy; that should clear it up.

Dan

Comment 5 Peter Snoblin 2005-06-09 18:14:33 UTC
Ahh, that makes a lot of sense!
Thanks for the help, and sorry about bugging you with something so silly.
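
The condition described in Comment 4, written as a check that can be run before pushing a policy update. This is an added example, not part of the original thread or of the selinux-policy-targeted tooling. The function name `find_home_root_risks`, the default threshold of 500 and the expected home root `/home` are assumptions, and the passwd lines are constructed.

```shell
#!/bin/sh
# Added example (not from the bug thread). Lists passwd entries that match the
# condition in Comment 4 (UID above a threshold, shell other than /sbin/nologin
# or /bin/false) and whose home directory's parent is not an expected home
# root, so that parent could end up labeled home_root_t.
# Assumptions: threshold 500 and expected root /home are defaults chosen here.

# find_home_root_risks [PASSWD_FILE|-] [UID_MIN] [EXPECTED_ROOTS,comma,separated]
# Prints "user:uid:shell:home:parent" for every entry worth reviewing.
find_home_root_risks() {
    passwd_file=${1:--}
    uid_min=${2:-500}
    expected=${3:-/home}
    awk -F: -v min="$uid_min" -v roots="$expected" '
        BEGIN { n = split(roots, r, ","); for (i = 1; i <= n; i++) ok[r[i]] = 1 }
        /^#/ || NF < 7 { next }                            # comments, malformed lines
        $3 !~ /^[0-9]+$/ || $3 + 0 <= min + 0 { next }     # UID not above threshold
        $7 == "/sbin/nologin" || $7 == "/bin/false" { next }   # non-login shells
        {
            home = $6
            sub(/\/+$/, "", home)            # drop trailing slashes
            parent = home
            sub(/\/[^\/]*$/, "", parent)     # strip last path component
            if (parent == "") parent = "/"
            if (!(parent in ok))
                printf "%s:%s:%s:%s:%s\n", $1, $3, $7, $6, parent
        }' "$passwd_file"
}

# Constructed sample input; "snortlow" models the second system in the thread,
# where the same account has a lower UID.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:502:502:Alice:/home/alice:/bin/bash
snort:x:501:501:Snort:/var/log/snort:/bin/bash
snortlow:x:101:101:Snort:/var/log/snort:/bin/bash
svc:x:503:503:Service:/var/lib/svc:/sbin/nologin
EOF
}

# Demo on the constructed sample: only the high-UID snort entry is reported.
sample_passwd | find_home_root_risks -
```

On a real host, call `find_home_root_risks /etc/passwd` and compare each reported parent directory with its current label from `ls -Zd`.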