Bug 831523
Summary: | interface body is not consistent with interface header | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Michal Trunecka <mtruneck> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Michal Trunecka <mtruneck> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 7.0 | CC: | dwalsh, ebenes, mgrepl, mmalik |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.12.1-119.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 12:04:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Michal Trunecka
2012-06-13 08:36:45 UTC
All of the filetrans now take an optional 5th parameter for file name transitions. Not sure how we document these. Could you rerun this test on latest policy? # rpm -qa | grep -e selinux-policy | sort selinux-policy-3.11.1-38.el7.noarch selinux-policy-devel-3.11.1-38.el7.noarch selinux-policy-doc-3.11.1-38.el7.noarch selinux-policy-minimum-3.11.1-38.el7.noarch selinux-policy-mls-3.11.1-38.el7.noarch selinux-policy-targeted-3.11.1-38.el7.noarch # sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 # ./testinterfaces.sh | grep NOT | sort | sed 's/^/ * /' * gnome_cache_filetrans() body is NOT consistent with gnome_cache_filetrans() header! in gnome.if * gnome_config_filetrans() body is NOT consistent with gnome_config_filetrans() header! in gnome.if * gnome_data_filetrans() body is NOT consistent with gnome_data_filetrans() header! in gnome.if * gnome_run_gkeyringd() body is NOT consistent with gnome_run_gkeyringd() header! in gnome.if * init_pid_filetrans() body is NOT consistent with init_pid_filetrans() header! in init.if * kerberos_etc_filetrans_keytab() body is NOT consistent with kerberos_etc_filetrans_keytab() header! in kerberos.if * kerberos_tmp_filetrans_host_rcache() body is NOT consistent with kerberos_tmp_filetrans_host_rcache() header! in kerberos.if * logging_log_named_filetrans() body is NOT consistent with logging_log_named_filetrans() header! in logging.if * mandb_admin() body is NOT consistent with mandb_admin() header! in mandb.if * mta_etc_filetrans_aliases() body is NOT consistent with mta_etc_filetrans_aliases() header! in mta.if * mta_spool_filetrans() body is NOT consistent with mta_spool_filetrans() header! in mta.if * mta_spool_filetrans_queue() body is NOT consistent with mta_spool_filetrans_queue() header! in mta.if * phpfpm_admin() body is NOT consistent with phpfpm_admin() header! in phpfpm.if * pkcsslotd_admin() body is NOT consistent with pkcsslotd_admin() header! in pkcsslotd.if * postfix_config_filetrans() body is NOT consistent with postfix_config_filetrans() header! in postfix.if * rhsmcertd_admin() body is NOT consistent with rhsmcertd_admin() header! in rhsmcertd.if * sensord_admin() body is NOT consistent with sensord_admin() header! in sensord.if * stapserver_admin() body is NOT consistent with stapserver_admin() header! in stapserver.if * tomcat_admin() body is NOT consistent with tomcat_admin() header! in tomcat.if * userdom_admin_home_dir_filetrans() body is NOT consistent with userdom_admin_home_dir_filetrans() header! in userdomain.if * userdom_unpriv_type() body is NOT consistent with userdom_unpriv_type() header! in userdomain.if * virt_pid_filetrans() body is NOT consistent with virt_pid_filetrans() header! in virt.if * xserver_xdm_tmp_filetrans() body is NOT consistent with xserver_xdm_tmp_filetrans() header! in xserver.if # Milos, the problem with these filetrans interfaces is the last argument which is option al => filename transition So no problem to fix descriptions to contain also the last argument but the question is if we want to do it? Note: I am just talking about filetrans interfaces which contain it I think we need to bring this up with upstream and ask Chris how he wants to define these interfaces. We will need a retest for selinux-policy-3.11.1-54.fc18.noarch Although filenametrans will not be fixed. Never mind, I fixed them. Fixed in selinux-policy-3.11.1-54.rhel7 # rpm -qa selinux-policy\* selinux-policy-targeted-3.11.1-56.el7.noarch selinux-policy-3.11.1-56.el7.noarch selinux-policy-minimum-3.11.1-56.el7.noarch selinux-policy-mls-3.11.1-56.el7.noarch selinux-policy-doc-3.11.1-56.el7.noarch selinux-policy-devel-3.11.1-56.el7.noarch # sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 # ./testinterfaces.sh | grep NOT | sort | sed 's/^/ * /' * authconfig_admin() body is NOT consistent with authconfig_admin() header! in authconfig.if * gnome_admin_home_gconf_filetrans() body is NOT consistent with gnome_admin_home_gconf_filetrans() header! in gnome.if * logging_log_named_filetrans() body is NOT consistent with logging_log_named_filetrans() header! in logging.if * openvswitch_admin() body is NOT consistent with openvswitch_admin() header! in openvswitch.if * userdom_admin_home_dir_filetrans() body is NOT consistent with userdom_admin_home_dir_filetrans() header! in userdomain.if * userdom_tmpfs_filetrans_to() body is NOT consistent with userdom_tmpfs_filetrans_to() header! in userdomain.if * userdom_unpriv_type() body is NOT consistent with userdom_unpriv_type() header! in userdomain.if # Fixed in selinux-policy-3.11.1-61.el7.noarch selinux-policy-3.11.1-69.el7.noarch selinux-policy-devel-3.11.1-69.el7.noarch The automated test found out that: * authconfig_admin() body is NOT consistent with authconfig_admin() header! in authconfig.if * mcollective_admin() body is NOT consistent with mcollective_admin() header! in mcollective.if Has been already fixed. alsa_home_filetrans_alsa_home() body is NOT consistent with alsa_home_filetrans_alsa_home() header! in alsa.if cups_backend() body is NOT consistent with cups_backend() header! in cups.if gssproxy_admin() body is NOT consistent with gssproxy_admin() header! in gssproxy.if ksmtuned_admin() body is NOT consistent with ksmtuned_admin() header! in ksmtuned.if ktalk_admin() body is NOT consistent with ktalk_admin() header! in ktalk.if lsmd_admin() body is NOT consistent with lsmd_admin() header! in lsm.if modemmanager_admin() body is NOT consistent with modemmanager_admin() header! in modemmanager.if mplayer_filetrans_home_content() body is NOT consistent with mplayer_filetrans_home_content() header! in mplayer.if mythtv_admin() body is NOT consistent with mythtv_admin() header! in mythtv.if pesign_admin() body is NOT consistent with pesign_admin() header! in pesign.if prosody_admin() body is NOT consistent with prosody_admin() header! in prosody.if rsync_etc_filetrans_config() body is NOT consistent with rsync_etc_filetrans_config() header! in rsync.if swift_admin() body is NOT consistent with swift_admin() header! in swift.if uucp_admin() body is NOT consistent with uucp_admin() header! in uucp.if # rpm -qa selinux-policy\* selinux-policy-devel-3.12.1-85.el7.noarch selinux-policy-targeted-3.12.1-85.el7.noarch selinux-policy-minimum-3.12.1-85.el7.noarch selinux-policy-mls-3.12.1-85.el7.noarch selinux-policy-3.12.1-85.el7.noarch # Milos, Could you re-test it? Thank you. The automated TC found following discrepancies: docker_admin() body is NOT consistent with docker_admin() header! in docker.if rtas_errd_admin() body is NOT consistent with rtas_errd_admin() header! in rtas.if In both cases the header defines 2 parameters, but the body uses just the first of them. commit 8c7aed411494866dca1031bae67a6ca3482b7484 Author: Miroslav Grepl <mgrepl> Date: Fri Nov 22 10:48:07 2013 +0100 Clean up docker.if commit 32ea225bedcac0e3f0d254324c998a6340615648 Author: Miroslav Grepl <mgrepl> Date: Fri Nov 22 10:52:34 2013 +0100 Clean up rtas.if bumblebee_admin() body is NOT consistent with bumblebee_admin() header! in bumblebee.if mip6d_admin() body is NOT consistent with mip6d_admin() header! in mip6d.if # rpm -qa selinux-policy\* selinux-policy-3.12.1-109.el7.noarch selinux-policy-devel-3.12.1-109.el7.noarch selinux-policy-targeted-3.12.1-109.el7.noarch commit 18ff024f0ab541374c90119aea35670abb4b35f3 Author: Lukas Vrabec <lvrabec> Date: Tue Dec 17 11:28:06 2013 +0100 Fixed bumblebee_admin() and mip6d_admin() commit f682f17253b9904a8bd733b48b9d32f8d2e0d0b0 Author: Miroslav Grepl <mgrepl> Date: Mon Jan 20 10:42:23 2014 +0100 Fix header for mirrormanager_admin() This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |