Bug 175354
Summary: | Failure of postinstall script to change security context | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Stephen Biggs <bugzilla-redhat> |
Component: | libannodex | Assignee: | Thomas Vander Stichele <thomas> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | dennis, extras-qa, hdegoede, walters |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-03-10 01:27:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Stephen Biggs
2005-12-09 10:16:25 UTC
Colin, the relevant post line reads: chcon -t texrel_shlib_t %{_libdir}/libannodex.so.* what should I do about this ? I think you mentioned getting something in selinux-policy ? Stephen, does this problem actually fail the install ? AFAICT all that would be happening is that it prints the two lines - is that correct ? I don't think it fails install. It shows as installed in RPM's list. However, IMHO, I think that it should fail, even if it doesn't currently. I think that it is worse if it actually goes ahead and is installed with this kind of error. This is a library that ends up with the default security context instead of what the author intended. That is, if the author or maintainer have good reasons to be changing security contexts and it is not changed correctly, then it should be failing the install. It is an exploit waiting to happen. But, on the other hand, if there aren't any good reasons to be messing with the security context in the first place, then why bother? this hasn't been touched in awhile, Is this still true? has anything been done to have the changes added to the default selinux policy? I really can't comment further, I don't understand selinux well enough and could really use someone with more knowledge to look at this. has this happened at all with the latest package, 0.7.3-3.fc4 ? The information we've requested above is required in order to review this problem report further and diagnose/fix the issue if it is still present. Since there have not been any updates to the report since thirty (30) days or more since we requested additional information, we're assuming the problem is either no longer present in the current Fedora release, or that there is no longer any interest in tracking the problem. Setting status to "INSUFFICIENT_DATA". If you still experience this problem after updating to our latest Fedora release and can provide the information previously requested, please feel free to reopen the bug report. Thank you in advance. |