Bug 717572

Summary: Satellite fails to check selinux context on systems running mcstrans daemon
Product: Red Hat Satellite 5 Reporter: Raul Mahiques <rmahique>
Component: Configuration ManagementAssignee: Tomas Lestach <tlestach>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: low    
Version: 540CC: cherguet, cperry, xdmoon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-04-10 21:10:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 260381    

Description Raul Mahiques 2011-06-29 09:27:37 UTC
Description of problem:
If you specify the selinux context for a configuration file managed by satellite, it may fail the selinux check if mcstrans daemon is running on the client.



How reproducible:

Steps to Reproduce:
1. Create a configuration file on satellite, example:
/etc/config
with security context: system_u:object_r:etc_t:s0

2. start mcstrans with the following configuration example:
#/etc/selinux/targeted/setrans.conf
s0=
s0-s0:c.c1023=SystemLow-SystemHigh
s0:c0.c1023=SystemHigh

3. deploy the configuration file from satellite:
Successfully deployed with no errors reported.

4. check the configuration files
#rhncfg-client verify
selinux    /etc/config

5. ls -Z /etc/config shows:
system_u:object_r:etc_t  .. /etc/config

6. Disable mcstrans
service mcstrans stop

7. ls -Z /etc/config shows:
system_u:object_r:etc_t:s0 .. /etc/config

8. check again the configuration files with rhncfg-client shows they are correct.



Expected results:
Check to ignore mcstrans or similar.