Bug 658084
Summary: | Anaconda sets wrong (at least different) selinux context on /etc/sysconfig/iptables file | |
---|---|---|---
Product: | Red Hat Enterprise Linux 5 | Reporter: | Raghu Udiyar <rudiyar>
Component: | anaconda | Assignee: | Brian Lane <bcl>
Status: | CLOSED ERRATA | QA Contact: | Release Test Team <release-test-team-automation>
Severity: | medium | CC: | atodorov, jstodola
Priority: | low | Version: | 5.5
Target Milestone: | rc | Hardware: | Unspecified
OS: | Linux | Doc Type: | Bug Fix
Fixed In Version: | anaconda-11.1.2.227-1 | Last Closed: | 2011-07-21 06:54:48 UTC
Description
Raghu Udiyar
2010-11-29 10:00:46 UTC
Didn't you update the selinux-policy-targeted package after installation? Anaconda sets the context depending on what selinux gives us, so this may be caused because of a different selinux-policy-targeted package in the install.img and in the installed system.

I have tested this on a fresh RHEL5.5 installation. I've run no updates after the installation. The policy sets "etc_runtime_t":

# semanage fcontext -l | grep iptables
[..]
/etc/sysconfig/iptables regular file system_u:object_r:etc_runtime_t:s0
[..]

Maybe, the install.img contains an older package than the same package it's installing on the system.

> Maybe, the install.img contains an older package than the same package it's
> installing on the system.
That's what I am wondering, too. The install.img will contain whatever was in the tree at the time the install.img was composed. So really the only time the above situation would happen is if new packages were put into the tree without generating new images.
Can you attach /var/log/anaconda.log and /var/log/anaconda.syslog to this bug report, just so we can verify there's nothing suspect in there?
Created attachment 464186: anaconda.log
Created attachment 464187: anaconda.syslog
Okay, it looks like anaconda just needs to set the label on /etc/sysconfig/iptables on rhel5-branch. On rhel6-branch and master we relabel the entire /etc/sysconfig directory but we are a little more selective on RHEL5, which is why we are seeing problems here.

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.

Tested with RHEL5.7-Server-20110430.2 and the result is a PASS. After install:

# ls -lZ /etc/sysconfig/iptables
-rw------- root root system_u:object_r:etc_runtime_t /etc/sysconfig/iptables
# restorecon /etc/sysconfig/iptables
# ls -lZ /etc/sysconfig/iptables
-rw------- root root system_u:object_r:etc_runtime_t /etc/sysconfig/iptables

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0984.html
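
Added example, not part of the bug report or of anaconda's code: a small shell check for the label drift discussed in this thread, comparing the SELinux type shown by `ls -lZ` with the type the policy lists in `semanage fcontext -l`. The function names are hypothetical, the two matching lines are the ones quoted in the report, and the mismatching line is constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the SELinux type on disk with the type in policy,
# using text in the `ls -lZ` and `semanage fcontext -l` formats quoted above.

# Print the type (third colon-separated field) of a context string.
# Works with or without a trailing MLS level such as ":s0".
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the first field of a line that looks like user:role:type[:level].
# Fields containing "/" (paths) and times like 10:00 are skipped.
line_ctx() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (index($i, "/") == 0 && split($i, part, ":") >= 3) {
                print $i; exit
            }
    }'
}

# Compare an `ls -lZ` line with a policy line for the same path.
# Returns 0 on match, 1 on mismatch, 2 if either line has no context.
check_label() {
    disk=$(ctx_type "$(line_ctx "$1")")
    policy=$(ctx_type "$(line_ctx "$2")")
    if [ -z "$disk" ] || [ -z "$policy" ]; then
        echo "UNPARSED"; return 2
    fi
    if [ "$disk" = "$policy" ]; then
        echo "OK $disk"; return 0
    fi
    echo "MISMATCH disk=$disk policy=$policy"; return 1
}

# Lines quoted in this report.
POLICY_LINE='/etc/sysconfig/iptables regular file system_u:object_r:etc_runtime_t:s0'
FIXED_LS='-rw------- root root system_u:object_r:etc_runtime_t /etc/sysconfig/iptables'
# Constructed line, not from the report: a different type, to show a mismatch.
DRIFT_LS='-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables'

check_label "$FIXED_LS" "$POLICY_LINE"
check_label "$DRIFT_LS" "$POLICY_LINE" || true
```

On a live system, `matchpathcon -V /etc/sysconfig/iptables` or `restorecon -n -v /etc/sysconfig/iptables` makes the same comparison against the loaded policy without changing the file.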