Bug 625830

Summary: /etc/ntp.conf deployed via Satellite configuration channels clobbers SELinux information
Product: Red Hat Satellite 5 Reporter: Dave Kline <dkline>
Component: Configuration ManagementAssignee: Tomas Lestach <tlestach>
Status: CLOSED CURRENTRELEASE QA Contact: Martin Minar <mminar>
Severity: medium Docs Contact:
Priority: low    
Version: 530CC: cperry, mkoci, mminar, slukasik
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-10-28 14:55:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 608775    

Description Dave Kline 2010-08-20 14:59:12 UTC 
Description of problem:

/etc/ntp.conf deployed via Satellite configuration channels changes the SELinux context information:

[root@satclient ~]# ls -lZ /etc/ntp.conf 
-rw-r--r--  root root system_u:object_r:net_conf_t     /etc/ntp.conf
[root@satclient ~]# rhncfg-client get
Deploying /etc/ntp.conf
[root@satclient ~]# ls -lZ /etc/ntp.conf 
-rw-r--r--  root root root:object_r:etc_t              /etc/ntp.conf

Version-Release number of selected component (if applicable):

Fully updated Satellite 5.3 and RHEL 5.5 client.

How reproducible:
Deploy a file via configuration channel.

Steps to Reproduce:
1. Enable SELinux on Satellite client
2. Create and deploy configuration files
3. Confirm with ls -lZ on client
  
Actual results:

-rw-r--r--  root root root:object_r:etc_t              /etc/ntp.conf

Expected results:

-rw-r--r--  root root system_u:object_r:net_conf_t     /etc/ntp.conf


Additional info:

A customer will be using Satellite to manage ntp.conf with SELinux enabled.
Comment 1 Clifford Perry 2010-08-30 18:19:22 UTC 
Satellite 5.4 configuration management will allow for end users to define SELinux context of config files being managed and deployed. 

Cliff
Comment 2 Tomas Lestach 2010-09-10 09:05:13 UTC 
Configuration files have an additional property - selinux context.
I verified entered selinux context will be set for a file, when deploying config files.
Comment 4 Šimon Lukašík 2010-10-27 12:23:15 UTC 
Verified in stage against Satellite-5.4.0-RHEL5-re20101025.0.

- Verified that configuration files are deployed with entered selinux context.
- And when selinux context property is omitted, deployed configuration
files selinux context is the same as before the deployment.

With client packages from stage:
rhncfg-client-5.9.27-1.el5sat
rhncfg-management-5.9.27-1.el5sat
rhncfg-actions-5.9.27-1.el5sat
rhncfg-5.9.27-1.el5sat
Comment 5 Clifford Perry 2010-10-28 14:50:19 UTC 
The 5.4.0 RHN Satellite and RHN Proxy release has occurred. This issue has been resolved with this release. 


RHEA-2010:0801 - RHN Satellite Server 5.4.0 Upgrade
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10332

RHEA-2010:0803 - RHN Tools enhancement update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10333

RHEA-2010:0802 - RHN Proxy Server 5.4.0 bug fix update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10334

RHEA-2010:0800 - RHN Satellite Server 5.4.0
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10335

Docs are available:

http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html 

Regards,
Clifford