Bug 704189

Summary: Wrong label for /etc/selinux/$SELINUXTYPE/contexts
Product: Red Hat Enterprise Linux 6 Reporter: Ramon de Carvalho Valle <rcvalle>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: high    
Version: 6.1CC: dwalsh, mgrepl, mmalik, sgrubb
Target Milestone: rcKeywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-24 10:06:35 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 584498, 846801, 846802    

Description Ramon de Carvalho Valle 2011-05-12 07:53:06 EDT
Description of problem:
It seems that the /etc/selinux/$SELINUXTYPE/contexts directory and its contents are being labeled incorrectly to default_context_t instead of selinux_config_t.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Miroslav Grepl 2011-05-12 12:05:04 EDT
The policy tells me this is a correct label. Why do you think this is a bug?
Comment 2 Ramon de Carvalho Valle 2011-05-12 12:16:05 EDT
(In reply to comment #1)
> The policy tells me this is a correct label. Why do you think this is a bug?

I think this directory and its contents should be selinux_config_t, as it contains SELinux configuration files.
Comment 3 Miroslav Grepl 2011-05-19 12:22:23 EDT
It contains default contexts so I don't see this as bug.

Comment 4 Daniel Walsh 2011-05-23 11:28:17 EDT
I agree, this has always been labeled default_context, in that lots of domains need to read it that do not need to read other parts of SELinux config.
Comment 5 Ramon de Carvalho Valle 2011-05-23 11:37:24 EDT
Then secadm_r also will need to have write permission to it.
Comment 6 Daniel Walsh 2011-05-23 12:19:26 EDT
I agree.

Miroslav make sure RHEL5 and RHEL6 have



Comment 7 Miroslav Grepl 2011-05-24 10:06:35 EDT

*** This bug has been marked as a duplicate of bug 704191 ***