Bug 1684221

Summary: The files /usr/sbin/dumpe2fs and /usr/sbin/e2mmpstatus should have the same rules for restorecon.
Product: [Fedora] Fedora Reporter: Villy Kruse <ppywlkiqletw>
Component: selinux-policy-targetedAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Ben Levenson <benl>
Severity: high Docs Contact:
Priority: medium    
Version: 29CC: dwalsh, mschorm
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-15 18:29:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Villy Kruse 2019-02-28 18:27:01 UTC 
Description of problem:

When running restorecon on /usr/sbin the files /usr/sbin/dumpe2fs and /usr/sbin/e2mmpstatus (which are hardlinks to each other) are fixed in an inconsitent way.

Version-Release number of selected component (if applicable):


How reproducible:

Always

Steps to Reproduce:
1.  Have the package e2fsprogs installed
2.  Run restorecon -v -R /usr/sbin
3.

Actual results:

[root@mybox selinux]# restorecon -v -R /usr
Relabeled /usr/sbin/dumpe2fs from system_u:object_r:bin_t:s0 to system_u:object_r:fsadm_exec_t:s0
Relabeled /usr/sbin/e2mmpstatus from system_u:object_r:fsadm_exec_t:s0 to system_u:object_r:bin_t:s0


Expected results:

These files gets fixed in a consistent way.

Additional info:

The files are actually hardlinks to each other and therefore must have the same SELinux label.

ls -li /usr/sbin/dumpe2fs /usr/sbin/e2mmpstatus
1313471 -rwxr-xr-x. 2 root root 37312 Jan 31 19:08 /usr/sbin/dumpe2fs


The file /etc/selinux/targeted/contexts/files/file_contexts contains the following

/sbin/e2mmpstatus    --      system_u:object_r:fsadm_exec_t:s0
/sbin/dumpe2fs       --      system_u:object_r:fsadm_exec_t:s0
/usr/sbin/dumpe2fs   --      system_u:object_r:fsadm_exec_t:s0

Missing is the definition for /usr/sbin/e2mmpstatus.




1313471 -rwxr-xr-x. 2 root root 37312 Jan 31 19:08 /usr/sbin/e2mmpstatus
Comment 1 Lukas Vrabec 2019-03-04 12:44:02 UTC 
*** Bug 1684785 has been marked as a duplicate of this bug. ***
Comment 2 Lukas Vrabec 2019-03-04 12:49:15 UTC 
commit 8bb6994251b09ee68d9695861b3b63fb60d45826 (HEAD -> f29)
Author: Lukas Vrabec <lvrabec>
Date:   Mon Mar 4 13:47:58 2019 +0100

    Label /usr/sbin/e2mmpstatus as fsadm_exec_t
    Resolves: rhbz#1684221
Comment 3 Fedora Update System 2019-03-12 18:37:38 UTC 
selinux-policy-3.14.2-51.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-4cc36fafbb
Comment 4 Fedora Update System 2019-03-12 23:41:24 UTC 
selinux-policy-3.14.2-51.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-4cc36fafbb
Comment 5 Fedora Update System 2019-03-15 18:29:17 UTC 
selinux-policy-3.14.2-51.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.