Bug 1759495

Summary: No SELinux context for /etc/named directory
Product: [Fedora] Fedora Reporter: Cédric Jeanneret <cjeanner>
Component: selinux-policy-targetedAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 30CC: cheimes, dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1759505 (view as bug list) Environment:
Last Closed: 2019-11-17 01:13:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1759505    

Description Cédric Jeanneret 2019-10-08 10:52:33 UTC 
Description of problem:

We're currently lacking proper SELinux context for /etc/named directory.

Version-Release number of selected component (if applicable):
3.14.3.46.fc30

How reproducible:
Always

Steps to Reproduce:
1. Ensure selinux-policy-targeted is installed and up to date
2. Run sudo semanage fcontext -l | grep named_conf_t


Actual results:
No match for /etc/named/ directory (only plain files)

Expected results:
We should match something like unbound:
/etc/named(/.*)?                                 regular files          system_u:object_r:named_conf_t:s0
(or filter only *.conf, or...)

Additional info:
This will be required for FreeIPA once https://github.com/freeipa/freeipa/pull/3725 is merged.
Comment 1 Lukas Vrabec 2019-10-08 11:13:49 UTC 
commit e3afa28f5ff79a59e5ef529bccd0dc28fea75226 (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Tue Oct 8 13:12:00 2019 +0200

    Label /etc/named direcotory as named_conf_t BZ(1759495)

Fixed will be part of updates for Fedora 30+.
Comment 2 Fedora Update System 2019-10-23 07:00:27 UTC 
FEDORA-2019-d68c9e27f8 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8
Comment 3 Fedora Update System 2019-10-25 19:34:02 UTC 
selinux-policy-3.14.3-50.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-d68c9e27f8
Comment 4 Fedora Update System 2019-10-26 17:02:50 UTC 
FEDORA-2019-f83217e2bf has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-f83217e2bf
Comment 5 Fedora Update System 2019-10-27 03:54:48 UTC 
selinux-policy-3.14.3-51.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-f83217e2bf
Comment 6 Fedora Update System 2019-11-03 14:10:50 UTC 
FEDORA-2019-70d80ad4bc has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc
Comment 7 Fedora Update System 2019-11-04 02:10:14 UTC 
selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-70d80ad4bc
Comment 8 Fedora Update System 2019-11-17 01:13:13 UTC 
selinux-policy-3.14.3-52.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.