Bug 786191
| Summary: | selinux-policy update shows error parsing file obj_perm_sets.spt in FIPS mode | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Miroslav Vadkerti <mvadkert> | |
| Component: | policycoreutils | Assignee: | Miroslav Grepl <mgrepl> | |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 6.2 | CC: | dwalsh, eparis, jpallich, ksrot, mmalik, msvoboda, sdsmall | |
| Target Milestone: | rc | Keywords: | ZStream | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | policycoreutils-2.0.83-19.24.el6 | Doc Type: | Bug Fix | |
| Doc Text: |
When installing packages on the system in (Federal Information Processing Standard (FIPS) mode, parsing errors could occur and installation failed. This was caused by the "/usr/lib64/python2.7/site-packages/sepolgen/yacc.py" parser, which used MD5 checksums that are not supported in FIPS mode. This update modifies the parser to use SHA-256 checksums and installation process is now successful.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 953862 (view as bug list) | Environment: | ||
| Last Closed: | 2012-06-20 15:10:33 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 787605, 953862 | |||
|
Description
Miroslav Vadkerti
2012-01-31 17:09:54 UTC
Steven? Eric? Any ideas? Error is from sepolgen-ifgen. Digging a bit further, appears to trace back to sepolgen/yacc.py, which uses hashlib.md5(). fips mode kills md5? Bug 689387 looks similar but for a different program that uses md5. So if we change this code to hashlib.sha256() it might work... It seems to work on Rawhide. Miroslav Vadkerti Can you change the code and try it again. # sed -i 's/md5/sha256/g' /usr/lib64/python2.7/site-packages/sepolgen/yacc.py # yum reinstall selinux-policy-targeted I confirm that the change fixes the issue: # sed -i 's/md5/sha256/g' /usr/lib64/python2.6/site-packages/sepolgen/yacc.py # yum reinstall selinux-policy-* ... Running Transaction Installing : selinux-policy-3.7.19-126.el6_2.4.noarch 1/3 Installing : selinux-policy-targeted-3.7.19-126.el6_2.4.noarch 2/3 Installing : selinux-policy-mls-3.7.19-126.el6_2.4.noarch 3/3 Installed: selinux-policy.noarch 0:3.7.19-126.el6_2.4 selinux-policy-mls.noarch 0:3.7.19-126.el6_2.4 selinux-policy-targeted.noarch 0:3.7.19-126.el6_2.4 Complete! Fixed in policycoreutils-2.0.83-19.20.el6_2
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
When installing packages on the system in (Federal Information Processing Standard (FIPS) mode, parsing errors could occur and installation failed. This was caused by the "/usr/lib64/python2.7/site-packages/sepolgen/yacc.py" parser, which used MD5 checksums that are not supported in FIPS mode. This update modifies the parser to use SHA-256 checksums and installation process is now successful.
Fixed in policycoreutils-2.0.83-19.24.el6 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0969.html |