Bug 919409

Summary: wrong selinux context of /etc/multipath/bindings after the installation
Product: Red Hat Enterprise Linux 6 Reporter: Karel Srot <ksrot>
Component: anacondaAssignee: Samantha N. Bueno <sbueno>
Status: CLOSED ERRATA QA Contact: Pavel Holica <pholica>
Severity: high Docs Contact:
Priority: high    
Version: 6.5CC: jhutar, jstodola, mmalik, pbokoc, pholica
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: anaconda-13.21.196-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-21 09:35:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 960065    
Attachments:
Description Flags
possible fix
none
updates.img w/possible fix none

Description Karel Srot 2013-03-08 11:50:50 UTC 
Description of problem:

On a newly installed system I have:

# ls -Zd /etc/multipath
drwxr-xr-x. root root system_u:object_r:root_t:s0      /etc/multipath

# rpm -qa | grep multipath
# for P in `rpm -qa`; do rpm -q --scripts $P | grep -q multipath && echo $P; done
#
# ls -lZR /etc/multipath
/etc/multipath:
-rw-------. root root system_u:object_r:root_t:s0      bindings

but the correct context is lvm_metadata_t (see bug 880407).

in anaconda.log I can see:

11:21:28,431 INFO    : moving (1) to step preinstallconfig
11:21:28,432 DEBUG   : preinstallconfig is a direct step
11:21:28,456 DEBUG   : isys.py:mount()- going to mount /selinux on /mnt/sysimage/selinux as selinuxfs with options defaults
11:21:28,459 DEBUG   : isys.py:mount()- going to mount /proc/bus/usb on /mnt/sysimage/proc/bus/usb as usbfs with options defaults
11:21:28,467 INFO    : copy_to_sysimage: source '/etc/multipath/wwids' does not exist.
11:21:28,467 DEBUG   : copy_to_sysimage: '/etc/multipath/bindings' -> '/mnt/sysimage/etc/multipath/bindings'.
11:21:28,474 INFO    : copy_to_sysimage: source '/etc/multipath/wwids' does not exist.
11:21:28,474 DEBUG   : copy_to_sysimage: '/etc/multipath/bindings' -> '/mnt/sysimage/etc/multipath/bindings'.
11:21:28,477 INFO    : leaving (1) step preinstallconfig

seems that the context should be restored later on.

How reproducible:
always on the necessary system configuration

Steps to Reproduce:
1. just install the system
2. check /etc/multipath/binding
3.
  
Actual results:
/etc/multipath directory has wrong selinux context

Expected results:
/etc/multipath (and its content) has correct selinux context

Additional info:
Comment 3 RHEL Program Management 2013-05-06 21:15:57 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 10 Samantha N. Bueno 2013-07-02 01:13:12 UTC 
Created attachment 767576 [details]
possible fix

I'm attaching an updates.img with a proposed fix. Would someone mind testing this out to verify the correct SELinux context is being set now?
Comment 11 Samantha N. Bueno 2013-07-02 01:41:13 UTC 
Created attachment 767581 [details]
updates.img w/possible fix

Bah; please ignore that first attachment and use this updates.img to test. (Sorry about that.)
Comment 12 Jan Stodola 2013-07-02 08:18:29 UTC 
Testing with updates image from comment 11 looks good:

[root@rtt7 ~]# ls -lZ /etc/multipath
-rw-------. root root system_u:object_r:lvm_metadata_t:s0 bindings
-rw-------. root root system_u:object_r:lvm_metadata_t:s0 wwids
[root@rtt7 ~]# ls -lZd /etc/multipath
drwxr-xr-x. root root system_u:object_r:lvm_metadata_t:s0 /etc/multipath
[root@rtt7 ~]# restorecon -Rv /etc/multipath
[root@rtt7 ~]#
Comment 13 Samantha N. Bueno 2013-07-02 14:20:56 UTC 
Thanks, Jan. Patch posted to anaconda-patches for review.
Comment 14 Samantha N. Bueno 2013-07-03 14:00:59 UTC 
Patch pushed to rhel6-branch, commit 30ae37ce3ffb8e1311fad4756b2842b984d9348d.
Comment 16 Pavel Holica 2013-10-23 10:37:47 UTC 
Reproduced on RHEL 6.4 x86_64 Server
Verified fix on RHEL6.5-20131022.2 x86_64 Server
Comment 18 errata-xmlrpc 2013-11-21 09:35:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1588.html