Bug 831523

Summary: interface body is not consistent with interface header
Product: Red Hat Enterprise Linux 7
Component: selinux-policy
Version: 7.0
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: low
Target Milestone: rc
Reporter: Michal Trunecka <mtruneck>
Assignee: Lukas Vrabec <lvrabec>
QA Contact: Michal Trunecka <mtruneck>
CC: dwalsh, ebenes, mgrepl, mmalik
Fixed In Version: selinux-policy-3.12.1-119.el7
Doc Type: Bug Fix
Last Closed: 2014-06-13 12:04:57 UTC
Type: Bug

Description Michal Trunecka 2012-06-13 08:36:45 UTC
Description of problem:
interface body is not consistent with interface header

Version-Release number of selected component (if applicable):
selinux-policy-doc-3.10.0-128.el7.noarch
selinux-policy-targeted-3.10.0-128.el7.noarch
selinux-policy-mls-3.10.0-128.el7.noarch
selinux-policy-3.10.0-128.el7.noarch
selinux-policy-devel-3.10.0-128.el7.noarch


How reproducible:
always

Steps to Reproduce:
1. look into listed interface file:
/usr/share/selinux/devel/include/
2. search for the definition of given interface
3. compare the number of parameters described in the header and used in the body

A brief list of inconsistencies is below; the full list with more details is in an attachment.


accountsd_admin() is inconsistent with header in accountsd.if
apache_admin() is inconsistent with header in apache.if
bugzilla_admin() is inconsistent with header in bugzilla.if
couchdb_admin() is inconsistent with header in couchdb.if
dev_filetrans() is inconsistent with header in devices.if
dnssec_trigger_admin() is inconsistent with header in dnssec.if
files_root_filetrans() is inconsistent with header in files.if
files_boot_filetrans() is inconsistent with header in files.if
files_etc_filetrans() is inconsistent with header in files.if
files_home_filetrans() is inconsistent with header in files.if
files_kernel_modules_filetrans() is inconsistent with header in files.if
files_tmp_filetrans() is inconsistent with header in files.if
files_usr_filetrans() is inconsistent with header in files.if
files_var_filetrans() is inconsistent with header in files.if
files_var_lib_filetrans() is inconsistent with header in files.if
files_lock_filetrans() is inconsistent with header in files.if
files_pid_filetrans() is inconsistent with header in files.if
files_spool_filetrans() is inconsistent with header in files.if
gnome_cache_filetrans() is inconsistent with header in gnome.if
gnome_config_filetrans() is inconsistent with header in gnome.if
gnome_data_filetrans() is inconsistent with header in gnome.if
gnome_transition_gkeyringd() is inconsistent with header in gnome.if
init_pid_filetrans() is inconsistent with header in init.if
jetty_admin() is inconsistent with header in jetty.if
jockey_admin() is inconsistent with header in jockey.if
kerberos_etc_filetrans_keytab() is inconsistent with header in kerberos.if
kerberos_tmp_filetrans_host_rcache() is inconsistent with header in kerberos.if
keystone_admin() is inconsistent with header in keystone.if
logging_log_named_filetrans() is inconsistent with header in logging.if
httpd_man2html_script_admin() is inconsistent with header in man2html.if
mock_admin() is inconsistent with header in mock.if
mojomojo_admin() is inconsistent with header in mojomojo.if
mta_etc_filetrans_aliases() is inconsistent with header in mta.if
mta_spool_filetrans() is inconsistent with header in mta.if
mta_spool_filetrans_queue() is inconsistent with header in mta.if
numad_admin() is inconsistent with header in numad.if
plymouthd_admin() is inconsistent with header in plymouthd.if
postfix_config_filetrans() is inconsistent with header in postfix.if
quantum_admin() is inconsistent with header in quantum.if
svnserve_admin() is inconsistent with header in svnserve.if
sysnet_etc_filetrans_config() is inconsistent with header in sysnetwork.if
userdom_user_home_dir_filetrans() is inconsistent with header in userdomain.if
userdom_user_home_content_filetrans() is inconsistent with header in userdomain.if
userdom_user_tmp_filetrans() is inconsistent with header in userdomain.if
userdom_unpriv_usertype() is inconsistent with header in userdomain.if
userdom_unpriv_type() is inconsistent with header in userdomain.if
userdom_admin_home_dir_filetrans() is inconsistent with header in userdomain.if
virt_pid_filetrans() is inconsistent with header in virt.if
vnstatd_admin() is inconsistent with header in vnstatd.if
wine_role() is inconsistent with header in wine.if
xserver_xdm_tmp_filetrans() is inconsistent with header in xserver.if
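
The comparison from the steps to reproduce, as an added example (this is not the testinterfaces.sh used later in this report, which the page does not show). It assumes the refpolicy .if layout, where each parameter is documented by a `## <param name="...">` header line and the body runs from interface(`name',` to an unindented `')`. The demo_* interfaces are constructed, with headers abridged to their param lines.

```python
import re

PARAM = re.compile(r'^##\s*<param\s+name="')
START = re.compile(r"^(?:interface|template)\(`(\w+)'")
ARG = re.compile(r"\$(\d+)")

def check_interfaces(text):
    """Map each inconsistent interface to (params in header, highest $N in body)."""
    mismatches = {}
    documented, name, highest = 0, None, 0
    for line in text.splitlines():
        if name is None:                      # in a header or between interfaces
            if PARAM.match(line):
                documented += 1
            elif (m := START.match(line)):
                name, highest = m.group(1), 0
            elif not line.startswith("#"):    # comment block ended, nothing defined
                documented = 0
        elif line.startswith("')"):           # only the unindented close ends a body
            if highest != documented:
                mismatches[name] = (documented, highest)
            documented, name = 0, None
        else:
            highest = max([highest] + [int(n) for n in ARG.findall(line)])
    return mismatches

# Constructed sample: three made-up interfaces, not copied from a shipped policy.
SAMPLE = r"""
## <param name="domain">
## <param name="private type">
## <param name="object">
interface(`demo_filetrans',`
    gen_require(`
        type demo_t;
    ')
    filetrans_pattern($1, demo_t, $2, $3, $4)
')

## <param name="domain">
## <param name="role">
interface(`demo_admin',`
    allow $1 demo_t:process signal;
')

## <param name="domain">
interface(`demo_read',`
    allow $1 demo_t:file read;
')
"""
```

demo_filetrans is reported because its body passes an undocumented $4, the file name transition case from this report; demo_admin is reported because its header documents a second parameter that the body never uses.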

Comment 1 Daniel Walsh 2012-06-13 21:58:59 UTC
All of the filetrans now take an optional 5th parameter for file name transitions.  Not sure how we document these.

Comment 4 Daniel Walsh 2012-10-12 19:12:10 UTC
Could you rerun this test on latest policy?

Comment 5 Milos Malik 2012-10-18 12:43:40 UTC
# rpm -qa | grep -e selinux-policy | sort
selinux-policy-3.11.1-38.el7.noarch
selinux-policy-devel-3.11.1-38.el7.noarch
selinux-policy-doc-3.11.1-38.el7.noarch
selinux-policy-minimum-3.11.1-38.el7.noarch
selinux-policy-mls-3.11.1-38.el7.noarch
selinux-policy-targeted-3.11.1-38.el7.noarch
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
# ./testinterfaces.sh | grep NOT | sort | sed 's/^/ * /'
 * gnome_cache_filetrans() body is NOT consistent with gnome_cache_filetrans() header! in gnome.if
 * gnome_config_filetrans() body is NOT consistent with gnome_config_filetrans() header! in gnome.if
 * gnome_data_filetrans() body is NOT consistent with gnome_data_filetrans() header! in gnome.if
 * gnome_run_gkeyringd() body is NOT consistent with gnome_run_gkeyringd() header! in gnome.if
 * init_pid_filetrans() body is NOT consistent with init_pid_filetrans() header! in init.if
 * kerberos_etc_filetrans_keytab() body is NOT consistent with kerberos_etc_filetrans_keytab() header! in kerberos.if
 * kerberos_tmp_filetrans_host_rcache() body is NOT consistent with kerberos_tmp_filetrans_host_rcache() header! in kerberos.if
 * logging_log_named_filetrans() body is NOT consistent with logging_log_named_filetrans() header! in logging.if
 * mandb_admin() body is NOT consistent with mandb_admin() header! in mandb.if
 * mta_etc_filetrans_aliases() body is NOT consistent with mta_etc_filetrans_aliases() header! in mta.if
 * mta_spool_filetrans() body is NOT consistent with mta_spool_filetrans() header! in mta.if
 * mta_spool_filetrans_queue() body is NOT consistent with mta_spool_filetrans_queue() header! in mta.if
 * phpfpm_admin() body is NOT consistent with phpfpm_admin() header! in phpfpm.if
 * pkcsslotd_admin() body is NOT consistent with pkcsslotd_admin() header! in pkcsslotd.if
 * postfix_config_filetrans() body is NOT consistent with postfix_config_filetrans() header! in postfix.if
 * rhsmcertd_admin() body is NOT consistent with rhsmcertd_admin() header! in rhsmcertd.if
 * sensord_admin() body is NOT consistent with sensord_admin() header! in sensord.if
 * stapserver_admin() body is NOT consistent with stapserver_admin() header! in stapserver.if
 * tomcat_admin() body is NOT consistent with tomcat_admin() header! in tomcat.if
 * userdom_admin_home_dir_filetrans() body is NOT consistent with userdom_admin_home_dir_filetrans() header! in userdomain.if
 * userdom_unpriv_type() body is NOT consistent with userdom_unpriv_type() header! in userdomain.if
 * virt_pid_filetrans() body is NOT consistent with virt_pid_filetrans() header! in virt.if
 * xserver_xdm_tmp_filetrans() body is NOT consistent with xserver_xdm_tmp_filetrans() header! in xserver.if
#

Comment 6 Miroslav Grepl 2012-11-12 18:29:57 UTC
Milos,
the problem with these filetrans interfaces is the last argument which is optional => filename transition

So no problem to fix descriptions to contain also the last argument but the question is if we want to do it?

Note: I am just talking about filetrans interfaces which contain it

Comment 7 Daniel Walsh 2012-11-13 14:27:05 UTC
I think we need to bring this up with upstream and ask Chris how he wants to define these interfaces.

Comment 8 Daniel Walsh 2012-11-15 15:40:50 UTC
We will need a retest for selinux-policy-3.11.1-54.fc18.noarch

Although filenametrans will not be fixed.

Comment 9 Daniel Walsh 2012-11-15 15:52:24 UTC
Never mind, I fixed them.

Fixed in selinux-policy-3.11.1-54.rhel7

Comment 10 Milos Malik 2012-12-05 08:45:25 UTC
# rpm -qa selinux-policy\*
selinux-policy-targeted-3.11.1-56.el7.noarch
selinux-policy-3.11.1-56.el7.noarch
selinux-policy-minimum-3.11.1-56.el7.noarch
selinux-policy-mls-3.11.1-56.el7.noarch
selinux-policy-doc-3.11.1-56.el7.noarch
selinux-policy-devel-3.11.1-56.el7.noarch
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
# ./testinterfaces.sh | grep NOT | sort | sed 's/^/ * /'
 * authconfig_admin() body is NOT consistent with authconfig_admin() header! in authconfig.if
 * gnome_admin_home_gconf_filetrans() body is NOT consistent with gnome_admin_home_gconf_filetrans() header! in gnome.if
 * logging_log_named_filetrans() body is NOT consistent with logging_log_named_filetrans() header! in logging.if
 * openvswitch_admin() body is NOT consistent with openvswitch_admin() header! in openvswitch.if
 * userdom_admin_home_dir_filetrans() body is NOT consistent with userdom_admin_home_dir_filetrans() header! in userdomain.if
 * userdom_tmpfs_filetrans_to() body is NOT consistent with userdom_tmpfs_filetrans_to() header! in userdomain.if
 * userdom_unpriv_type() body is NOT consistent with userdom_unpriv_type() header! in userdomain.if
#

Comment 11 Daniel Walsh 2012-12-05 21:33:59 UTC
Fixed in selinux-policy-3.11.1-61.el7.noarch

Comment 12 Milos Malik 2013-01-31 13:21:00 UTC
selinux-policy-3.11.1-69.el7.noarch
selinux-policy-devel-3.11.1-69.el7.noarch

The automated test found out that:
 * authconfig_admin() body is NOT consistent with authconfig_admin() header! in authconfig.if
 * mcollective_admin() body is NOT consistent with mcollective_admin() header! in mcollective.if

Comment 13 Miroslav Grepl 2013-10-03 09:06:17 UTC
Has been already fixed.

Comment 14 Milos Malik 2013-10-03 10:26:42 UTC
alsa_home_filetrans_alsa_home() body is NOT consistent with alsa_home_filetrans_alsa_home() header! in alsa.if

Comment 15 Milos Malik 2013-10-03 10:29:01 UTC
cups_backend() body is NOT consistent with cups_backend() header! in cups.if
gssproxy_admin() body is NOT consistent with gssproxy_admin() header! in gssproxy.if
ksmtuned_admin() body is NOT consistent with ksmtuned_admin() header! in ksmtuned.if
ktalk_admin() body is NOT consistent with ktalk_admin() header! in ktalk.if
lsmd_admin() body is NOT consistent with lsmd_admin() header! in lsm.if
modemmanager_admin() body is NOT consistent with modemmanager_admin() header! in modemmanager.if
mplayer_filetrans_home_content() body is NOT consistent with mplayer_filetrans_home_content() header! in mplayer.if
mythtv_admin() body is NOT consistent with mythtv_admin() header! in mythtv.if
pesign_admin() body is NOT consistent with pesign_admin() header! in pesign.if
prosody_admin() body is NOT consistent with prosody_admin() header! in prosody.if
rsync_etc_filetrans_config() body is NOT consistent with rsync_etc_filetrans_config() header! in rsync.if
swift_admin() body is NOT consistent with swift_admin() header! in swift.if
uucp_admin() body is NOT consistent with uucp_admin() header! in uucp.if

# rpm -qa selinux-policy\*
selinux-policy-devel-3.12.1-85.el7.noarch
selinux-policy-targeted-3.12.1-85.el7.noarch
selinux-policy-minimum-3.12.1-85.el7.noarch
selinux-policy-mls-3.12.1-85.el7.noarch
selinux-policy-3.12.1-85.el7.noarch
#

Comment 16 Lukas Vrabec 2013-11-21 15:56:41 UTC
Milos, 
Could you re-test it? 

Thank you.

Comment 17 Milos Malik 2013-11-22 08:44:53 UTC
The automated TC found the following discrepancies:
docker_admin() body is NOT consistent with docker_admin() header! in docker.if
rtas_errd_admin() body is NOT consistent with rtas_errd_admin() header! in rtas.if

In both cases the header defines 2 parameters, but the body uses just the first of them.

Comment 18 Miroslav Grepl 2013-11-22 10:04:02 UTC
commit 8c7aed411494866dca1031bae67a6ca3482b7484
Author: Miroslav Grepl <mgrepl>
Date:   Fri Nov 22 10:48:07 2013 +0100

    Clean up docker.if

commit 32ea225bedcac0e3f0d254324c998a6340615648
Author: Miroslav Grepl <mgrepl>
Date:   Fri Nov 22 10:52:34 2013 +0100

    Clean up rtas.if

Comment 19 Michal Trunecka 2013-12-16 12:08:32 UTC
bumblebee_admin() body is NOT consistent with bumblebee_admin() header! in bumblebee.if
mip6d_admin() body is NOT consistent with mip6d_admin() header! in mip6d.if

# rpm -qa selinux-policy\*
selinux-policy-3.12.1-109.el7.noarch
selinux-policy-devel-3.12.1-109.el7.noarch
selinux-policy-targeted-3.12.1-109.el7.noarch

Comment 20 Lukas Vrabec 2013-12-17 10:29:49 UTC
commit 18ff024f0ab541374c90119aea35670abb4b35f3
Author: Lukas Vrabec <lvrabec>
Date:   Tue Dec 17 11:28:06 2013 +0100

    Fixed bumblebee_admin() and mip6d_admin()

Comment 23 Miroslav Grepl 2014-01-20 09:43:29 UTC
commit f682f17253b9904a8bd733b48b9d32f8d2e0d0b0
Author: Miroslav Grepl <mgrepl>
Date:   Mon Jan 20 10:42:23 2014 +0100

    Fix header for mirrormanager_admin()

Comment 25 Ludek Smid 2014-06-13 12:04:57 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.