Bug 229329
| Summary: | patch does not preserve context - resets to tmp_t | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Tim Waugh <twaugh> |
| Component: | patch | Assignee: | Tim Waugh <twaugh> |
| Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
| Severity: | medium | Priority: | medium |
| Version: | 5.0 | CC: | brads, dbaron, ebenes, gajownik, jorris, mkanat, nalin, omoris, pknirsch, sdsmall, vchepkov |
| Hardware: | All | Keywords: | Reopened |
| OS: | Linux | | |
| Fixed In Version: | patch-2.5.4-30.el5 | Doc Type: | Bug Fix |
| Doc Text: | SELinux file contexts were not preserved on patched files. This has been corrected. | | |
| : | 616141 618215 | | |
| Last Closed: | 2010-08-25 14:18:25 UTC | | |
| Bug Blocks: | 618215 | | |
Description
Tim Waugh
2007-02-20 11:38:44 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Since this bugzilla is in a component that is not approved for the current release, it has been closed with resolution deferred. You may reopen this bugzilla for consideration in the next release.

This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. This request will be reviewed for a future Red Hat Enterprise Linux release.

*** Bug 435526 has been marked as a duplicate of this bug. ***

This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".

This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".

This still seems to be broken in latest Fedora and presumably RHEL-6. Using the same example case above after disabling restorecond yields the same behavior except that the files are labeled user_tmp_r rather than just tmp_t. Should this be cloned for Fedora, or is this something you have no intention of fixing?

An strace of the patch command in the steps to reproduce shows that it does invoke chmod() and chown() but not setxattr() on the newly created files.

Hmm...actually, behavior depends on whether you have a separate mount on /tmp. If /tmp and / are on the same filesystem, I end up with user_tmp_t on the patched file. If I have a separate /tmp mount (e.g. tmpfs mount), then the file gets re-created in $HOME and defaults to user_home_t as a result. But neither will actually preserve the original context - at no time do we seem to be calling setfilecon (->setxattr), whereas chown/chmod do seem to be called.

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents: SELinux file contexts were not preserved on patched files. This has been corrected.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0656.html
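
The strace observation in the comments above (chmod() and chown() are called on the rewritten file, setxattr() is not) can be turned into a repeatable check. The Python below is an added example, not part of the bug report or of patch itself; the trace lines, paths, context strings and the function name `unlabeled_outputs` are constructed for illustration, and it covers both cases described in the thread (temporary file renamed into place, and file re-created directly when /tmp is a separate mount).

```python
import re

PERM_CALLS = {"chmod", "fchmodat", "chown", "lchown", "fchownat"}
LABEL_CALLS = {"setxattr", "lsetxattr"}  # fsetxattr takes an fd and is not tracked here
RENAME_CALLS = {"rename", "renameat", "renameat2"}
# Optional pid prefix (strace -f), syscall name, argument list, numeric return value.
CALL_RE = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+)')
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

def unlabeled_outputs(strace_text):
    """Return final paths that had mode/owner restored but never received a
    successful security.selinux setxattr (on the temp name or the final name)."""
    perms, labeled, renamed = set(), set(), {}
    for line in strace_text.splitlines():
        m = CALL_RE.match(line.strip())
        if not m or m.group(3) != "0":       # ignore failed calls such as EXDEV renames
            continue
        call, strs = m.group(1), STR_RE.findall(m.group(2))
        if call in PERM_CALLS and strs:
            perms.add(strs[0])
        elif call in LABEL_CALLS and len(strs) >= 2 and strs[1] == "security.selinux":
            labeled.add(strs[0])
        elif call in RENAME_CALLS and len(strs) >= 2:
            renamed[strs[0]] = strs[1]        # temp file moved over the original
    findings = set()
    for path in perms:
        final = renamed.get(path, path)
        if path not in labeled and final not in labeled:
            findings.add(final)
    return sorted(findings)

# Constructed trace: same-filesystem rename, then a cross-device fallback.
TRACE_BEFORE = '''
chmod("/tmp/poA1b2C3", 0100644) = 0
chown("/tmp/poA1b2C3", 500, 500) = 0
rename("/tmp/poA1b2C3", "etc/app.conf") = 0
rename("/tmp/poZ9y8X7", "home/notes.txt") = -1 EXDEV (Invalid cross-device link)
chmod("home/notes.txt", 0100644) = 0
chown("home/notes.txt", 500, 500) = 0
'''
# Constructed trace of a build that restores the label as well.
TRACE_AFTER = TRACE_BEFORE + '''
setxattr("/tmp/poA1b2C3", "security.selinux", "system_u:object_r:etc_t:s0", 27, 0) = 0
setxattr("home/notes.txt", "security.selinux", "user_u:object_r:user_home_t:s0", 31, 0) = 0
'''

if __name__ == "__main__":
    print("unlabeled before fix:", unlabeled_outputs(TRACE_BEFORE))
    print("unlabeled after fix: ", unlabeled_outputs(TRACE_AFTER))
```

On a real system the input would come from `strace -o trace.txt patch ...`; comparing `ls -Z` on the target before and after patching confirms the result.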