Bug 177439
Summary: | SELinux MLS compatibility |
---|---|
Product: | Red Hat Enterprise Linux 4 |
Component: | kernel |
Version: | 4.0 |
Hardware: | All |
OS: | Linux |
Status: | CLOSED ERRATA |
Severity: | medium |
Priority: | medium |
Reporter: | James Morris <jmorris> |
Assignee: | James Morris <jmorris> |
QA Contact: | Brian Brock <bbrock> |
CC: | bernd.bartmann, jbaron, rmy, sdsmall |
Fixed In Version: | RHSA-2006-0575 |
Doc Type: | Bug Fix |
Last Closed: | 2006-08-10 21:51:08 UTC |
Bug Blocks: | 181409 |

Description
James Morris
2006-01-10 18:04:59 UTC
Created attachment 123215
Proposed patch
This patch causes us to ignore the MLS field from disk if MLS is disabled (I
know we disable it at compile time, but just in case someone recompiles the
kernel, and to make it clear).
We just check that there is another field, but do no validation of the field
itself.
Created attachment 123305
Updated patch
This patch ensures we only ignore the MLS field when initializing inode
security, and not for all contexts in the system.
Acked-by: Stephen Smalley <sds.gov>
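
A user-space sketch of the behaviour the two patch descriptions above outline, added here as an example and not the attached patch or kernel code: with MLS disabled, a fourth field after the type is skipped without validation only when the label comes from an inode's on-disk attribute, and is rejected from any other source. The names `parse_context_nomls`, `ctx_source` and the sample label are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space model; names are illustrative, not the kernel's. */
struct ctx { char user[32], role[32], type[32]; };
enum ctx_source { FROM_INODE_XATTR, FROM_OTHER };

/* Copy an n-byte field into out; reject empty or oversized fields. */
static bool copy_field(char *out, size_t cap, const char *s, size_t n)
{
    if (n == 0 || n >= cap)
        return false;
    memcpy(out, s, n);
    out[n] = '\0';
    return true;
}

/* Parse "user:role:type[:mls]" on a system with MLS disabled.
 * Returns 0 if the context is accepted, -1 if it is rejected. */
int parse_context_nomls(const char *s, enum ctx_source src, struct ctx *c)
{
    const char *p1 = strchr(s, ':');
    const char *p2 = p1 ? strchr(p1 + 1, ':') : NULL;
    if (!p1 || !p2)
        return -1;                       /* need user, role and type */
    const char *type = p2 + 1;
    const char *p3 = strchr(type, ':');  /* start of a fourth field, if any */
    size_t tlen = p3 ? (size_t)(p3 - type) : strlen(type);

    if (!copy_field(c->user, sizeof c->user, s, (size_t)(p1 - s)) ||
        !copy_field(c->role, sizeof c->role, p1 + 1, (size_t)(p2 - p1 - 1)) ||
        !copy_field(c->type, sizeof c->type, type, tlen))
        return -1;
    if (!p3)
        return 0;                        /* plain three-field context */
    /* A fourth field is present. Skip it, unvalidated, only for labels
     * read from disk; contexts from any other source stay strict. */
    return src == FROM_INODE_XATTR ? 0 : -1;
}

int main(void)
{
    /* Constructed sample label, as an MLS-enabled system would write it. */
    const char *label = "system_u:object_r:user_home_t:s0";
    struct ctx c;
    printf("inode xattr: %d\n", parse_context_nomls(label, FROM_INODE_XATTR, &c));
    printf("other source: %d\n", parse_context_nomls(label, FROM_OTHER, &c));
    return 0;
}
```
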
Even with this fix included you have to make sure that you update your RHES4 kernel before installing FC5 and even worse this only works for Red Hat-like distributions. All other SELinux enabled distributions that don't have this fix will break when trying to update a kernel if you have a shared /boot partition.

Other distributions will either need to apply this patch or use a newer upstream kernel (where it is fixed already).

Has this fix gone into a RHEL4 update yet?

It's been posted internally, does not appear to have been applied to the tree yet. Jason, please advise of the status of the patch.

i have it queued for today's build...i'll update the bug when it's finally merged. thanks.

committed in stream U4 build 34.14. A test kernel with this patch is available from http://people.redhat.com/~jbaron/rhel4/

I've just tried the 34.14 test kernel with my shared /home which has FC5 file contexts on it. It seems to be working as intended.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0575.html