Bug 216860
Summary: | LTC29343-LSPP : netlabelctl tool should print error when used incorrectly | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Issue Tracker <tao> |
Component: | netlabel_tools | Assignee: | James Antill <james.antill> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Tom Kincaid <tkincaid> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.0 | CC: | iboverma, linda.knippers, paul.moore, sgrubb, tao |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | RC | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-02-08 00:48:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Issue Tracker
2006-11-22 12:31:20 UTC
LTC Owner is: suzukikp.com LTC Originator is: loulwa.com ---Problem Description--- netlabelctl command fails without any warning messages when the mgmt option is used with the wrong parameters Linux oracer3.ltc.austin.ibm.com 2.6.18-1.2747.2.1.el5.lspp.55 #1 SMP Fri Nov 10 12:21:43 EST 2006 x86_64 x86_64 x86_64 GNU/Linux Machine Type = x86_64 ---Steps to Reproduce--- Try the netlablectl command with the mgmt option as follows #netlabelctl cipsov4 add pass doi:1 tags:1 #netlabelctl mgmt del default #netlabelctl mgmt add default protocol:cipsov4,1 The last two commands should print some sort of error message since they really don't accept these parameters according to the man page. As per Klaus, security relevant tools should at least print some error message when used incorrectly ---Base System Tools Component Data--- Userspace tool common name: netlabel_tools The userspace tool has the following bit modes: both Userspace rpm: netlabel_tools-0.17-5.fc6 *Additional Instructions for loulwa / loulwa.com: netlabelctl failing silently gave the impression that the command was working when it really was not and no cipso labeling was added to the packets. LSPP bug, please also cc iboverma and sgrubb This event sent from IssueTracker by sfernand [Support Engineering Group] issue 107064 IBM, can we make this bug public? Update to issue 107064 by bugzilla >Action: These changes made by iboverma. >Bugzilla comment added: > IBM, can we make this bug public? >Flag(s) 'rhel-5.0.0?, blocker?, pm_ack+, devel_ack?' added >https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216860 We have no problem with you making this public. Stephanie Glass Red Hat Project Manager. This event sent from IssueTracker by Glen Johnson issue 107064 making it public. From Paul Moore: I am still unable to edit the BZ, please add the following response to the BZ entry. ******************************************************************************* This should be fixed in revision 29 of the netlabel_tools SVN repository. I'm not allowed to add attachments to this entry, so I am including the patch below: Index: CHANGELOG =================================================================== --- CHANGELOG (revision 28) +++ CHANGELOG (revision 29) @@ -5,6 +5,8 @@ ------------------------------------------------------------------------------ o Fixed some problems when printing CIPSOv4 and map information when not using the '-p' flag +o Always display an error message if an error occurred, based on patch from + Klaus Weidner <klaus> * Release Release 0.17 (September 28, 2006) ------------------------------------------------------------------------------ Index: netlabelctl/main.c =================================================================== --- netlabelctl/main.c (revision 28) +++ netlabelctl/main.c (revision 29) @@ -253,8 +253,7 @@ } ret_val = module_main(argc - optind - 1, argv + optind + 1); if (ret_val < 0) { - if (opt_pretty) - fprintf(stderr, MSG_ERR("%s\n"), nlctl_strerror(-ret_val)); + fprintf(stderr, MSG_ERR("%s\n"), nlctl_strerror(-ret_val)); ret_val = RET_ERR; } else ret_val = RET_OK; ******************************************************************************* -- paul moore linux security @ hp Fixed for RHEL-5 in netlabel_tools-0.17-9.el5.i386 QE ack for RHEL5. A package has been built which should help the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you. |