Bug 966920

| Summary: | sepolicy generate: Setup script of --cgi policy uses wrong spec file | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Michal Trunecka <mtruneck> |
| Component: | policycoreutils | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Michal Trunecka <mtruneck> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 7.0 | CC: | ebenes, mmalik |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-06-13 12:26:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 917049 | | |

Description
Michal Trunecka
2013-05-24 09:18:17 UTC
Fixed in policycoreutils-2.1.14-46.el7

VERIFIED using automated regression test:

```
:: [ PASS ] :: Running 'sleep 1'
Loaded plugins: product-id
Created the following files:
mypolicy/testpolicy.te # Type Enforcement file
mypolicy/testpolicy.if # Interface file
mypolicy/testpolicy.fc # File Contexts file
mypolicy/testpolicy_selinux.spec # Spec file
mypolicy/testpolicy.sh # Setup Script
:: [ PASS ] :: Running 'sepolicy generate -p mypolicy --cgi /usr/bin/testpolicy '
policy_module(testpolicy, 1.0.0)
########################################
#
# Declarations
#
apache_content_template(testpolicy)
permissive httpd_testpolicy_script_t;
########################################
#
# httpd_testpolicy_script local policy
#
domain_use_interactive_fds(httpd_testpolicy_script_t)
files_read_etc_files(httpd_testpolicy_script_t)
miscfiles_read_localization(httpd_testpolicy_script_t)
:: [ PASS ] :: Running 'cat mypolicy/testpolicy.te'
## <summary>policy for httpd_testpolicy_script</summary>
########################################
## <summary>
## Execute TEMPLATE in the httpd_testpolicy_script domin.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`httpd_testpolicy_script_domtrans',`
    gen_require(`
        type httpd_testpolicy_script_t, httpd_testpolicy_script_exec_t;
    ')
    corecmd_search_bin($1)
    domtrans_pattern($1, httpd_testpolicy_script_exec_t, httpd_testpolicy_script_t)
')
:: [ PASS ] :: Running 'cat mypolicy/testpolicy.if'
/usr/bin/testpolicy -- gen_context(system_u:object_r:httpd_testpolicy_script_exec_t,s0)
:: [ PASS ] :: Running 'cat mypolicy/testpolicy.fc'
Building and Loading Policy
+ make -f /usr/share/selinux/devel/Makefile testpolicy.pp
make[1]: Entering directory `/root/policycoreutils/Sanity/sepolicy-generate/mypolicy'
Compiling targeted testpolicy module
/usr/bin/checkmodule: loading policy configuration from tmp/testpolicy.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 17) to tmp/testpolicy.mod
Creating targeted testpolicy.pp policy package
rm tmp/testpolicy.mod tmp/testpolicy.mod.fc
make[1]: Leaving directory `/root/policycoreutils/Sanity/sepolicy-generate/mypolicy'
+ /usr/sbin/semodule -i testpolicy.pp
+ sepolicy manpage -p . -d httpd_testpolicy_script_t
./httpd_testpolicy_script_selinux.8
+ /sbin/restorecon -F -R -v /usr/bin/testpolicy
/sbin/restorecon reset /usr/bin/testpolicy context system_u:object_r:unlabeled_t:s0->system_u:object_r:httpd_testpolicy_script_exec_t:s0
++ pwd
+ pwd=/root/policycoreutils/Sanity/sepolicy-generate/mypolicy
+ rpmbuild --define '_sourcedir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_specdir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_builddir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_srcrpmdir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_rpmdir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_buildrootdir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build' -ba testpolicy_selinux.spec
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.gyp0v3
+ umask 022
+ cd /root/policycoreutils/Sanity/sepolicy-generate/mypolicy
+ install -d /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/selinux/packages
+ install -m 644 /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/testpolicy.pp /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/selinux/packages
+ install -d /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/selinux/devel/include/contrib
+ install -m 644 /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/testpolicy.if /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/selinux/devel/include/contrib/
+ install -d /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/man/man8/
+ install -m 644 /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/httpd_testpolicy_script_selinux.8 /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/man/man8/httpd_testpolicy_script_selinux.8
+ install -d /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/etc/selinux/targeted/contexts/users/
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
Processing files: testpolicy_selinux-1.0-1.el7.noarch
Provides: testpolicy_selinux = 1.0-1.el7
Requires(interp): /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): /bin/sh selinux-policy-base >= 3.12.1-44
Requires(postun): /bin/sh
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64
Wrote: /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/testpolicy_selinux-1.0-1.el7.src.rpm
Wrote: /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/noarch/testpolicy_selinux-1.0-1.el7.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.wd54Ql
+ umask 022
+ cd /root/policycoreutils/Sanity/sepolicy-generate/mypolicy
+ /usr/bin/rm -rf /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64
+ exit 0
:: [ PASS ] :: Running 'mypolicy/testpolicy.sh'
testpolicy 1.0.0
:: [ PASS ] :: Running 'semodule -l | grep testpolicy'
/usr/sbin/semanage: SELinux user testpolicy_u is not defined
:: [ PASS ] :: Running 'semanage user -d testpolicy_u'
:: [ PASS ] :: Running 'semodule -r testpolicy'
:: [ PASS ] :: Running 'rm -rf mypolicy/*'
:: [ PASS ] :: Running 'sleep 1'
Loaded plugins: product-id
Created the following files:
mypolicy/testpolicy.te # Type Enforcement file
mypolicy/testpolicy.if # Interface file
mypolicy/testpolicy.fc # File Contexts file
mypolicy/testpolicy_selinux.spec # Spec file
mypolicy/testpolicy.sh # Setup Script
:: [ PASS ] :: Running 'sepolicy generate -p mypolicy -w /home --cgi /usr/bin/testpolicy '
policy_module(testpolicy, 1.0.0)
########################################
#
# Declarations
#
apache_content_template(testpolicy)
permissive httpd_testpolicy_script_t;
########################################
#
# httpd_testpolicy_script local policy
#
manage_dirs_pattern(httpd_testpolicy_script_t, httpd_testpolicy_script_rw_t, httpd_testpolicy_script_rw_t)
manage_files_pattern(httpd_testpolicy_script_t, httpd_testpolicy_script_rw_t, httpd_testpolicy_script_rw_t)
manage_lnk_files_pattern(httpd_testpolicy_script_t, httpd_testpolicy_script_rw_t, httpd_testpolicy_script_rw_t)
domain_use_interactive_fds(httpd_testpolicy_script_t)
files_read_etc_files(httpd_testpolicy_script_t)
miscfiles_read_localization(httpd_testpolicy_script_t)
:: [ PASS ] :: Running 'cat mypolicy/testpolicy.te'
## <summary>policy for httpd_testpolicy_script</summary>
########################################
## <summary>
## Execute TEMPLATE in the httpd_testpolicy_script domin.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`httpd_testpolicy_script_domtrans',`
    gen_require(`
        type httpd_testpolicy_script_t, httpd_testpolicy_script_exec_t;
    ')
    corecmd_search_bin($1)
    domtrans_pattern($1, httpd_testpolicy_script_exec_t, httpd_testpolicy_script_t)
')
########################################
## <summary>
## Search httpd_testpolicy_script rw directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`httpd_testpolicy_script_search_rw_dir',`
    gen_require(`
        type httpd_testpolicy_script_rw_t;
    ')
    allow $1 httpd_testpolicy_script_rw_t:dir search_dir_perms;
    files_search_rw($1)
')
########################################
## <summary>
## Read httpd_testpolicy_script rw files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`httpd_testpolicy_script_read_rw_files',`
    gen_require(`
        type httpd_testpolicy_script_rw_t;
    ')
    read_files_pattern($1, httpd_testpolicy_script_rw_t, httpd_testpolicy_script_rw_t)
    allow $1 httpd_testpolicy_script_rw_t:dir list_dir_perms;
    files_search_rw($1)
')
########################################
## <summary>
## Manage httpd_testpolicy_script rw files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`httpd_testpolicy_script_manage_rw_files',`
    gen_require(`
        type httpd_testpolicy_script_rw_t;
    ')
    manage_files_pattern($1, httpd_testpolicy_script_rw_t, httpd_testpolicy_script_rw_t)
')
########################################
## <summary>
## Create, read, write, and delete
## httpd_testpolicy_script rw dirs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`httpd_testpolicy_script_manage_rw_dirs',`
    gen_require(`
        type httpd_testpolicy_script_rw_t;
    ')
    manage_dirs_pattern($1, httpd_testpolicy_script_rw_t, httpd_testpolicy_script_rw_t)
')
########################################
## <summary>
## All of the rules required to administrate
## an httpd_testpolicy_script environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`httpd_testpolicy_script_admin',`
    gen_require(`
        type httpd_testpolicy_script_t;
        type httpd_testpolicy_script_rw_t;
    ')
    allow $1 httpd_testpolicy_script_t:process { ptrace signal_perms };
    ps_process_pattern($1, httpd_testpolicy_script_t)
    files_search_etc($1)
    admin_pattern($1, httpd_testpolicy_script_rw_t)
    optional_policy(`
        systemd_passwd_agent_exec($1)
        systemd_read_fifo_file_passwd_run($1)
    ')
')
:: [ PASS ] :: Running 'cat mypolicy/testpolicy.if'
/home(/.*)? gen_context(system_u:object_r:httpd_testpolicy_script_rw_t,s0)
/usr/bin/testpolicy -- gen_context(system_u:object_r:httpd_testpolicy_script_exec_t,s0)
:: [ PASS ] :: Running 'cat mypolicy/testpolicy.fc'
Building and Loading Policy
+ make -f /usr/share/selinux/devel/Makefile testpolicy.pp
make[1]: Entering directory `/root/policycoreutils/Sanity/sepolicy-generate/mypolicy'
Compiling targeted testpolicy module
/usr/bin/checkmodule: loading policy configuration from tmp/testpolicy.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 17) to tmp/testpolicy.mod
Creating targeted testpolicy.pp policy package
rm tmp/testpolicy.mod tmp/testpolicy.mod.fc
make[1]: Leaving directory `/root/policycoreutils/Sanity/sepolicy-generate/mypolicy'
+ /usr/sbin/semodule -i testpolicy.pp
+ sepolicy manpage -p . -d httpd_testpolicy_script_t
./httpd_testpolicy_script_selinux.8
+ /sbin/restorecon -F -R -v /usr/bin/testpolicy
+ /sbin/restorecon -F -R -v /home
++ pwd
+ pwd=/root/policycoreutils/Sanity/sepolicy-generate/mypolicy
+ rpmbuild --define '_sourcedir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_specdir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_builddir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_srcrpmdir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_rpmdir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy' --define '_buildrootdir /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build' -ba testpolicy_selinux.spec
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.9ev7ry
+ umask 022
+ cd /root/policycoreutils/Sanity/sepolicy-generate/mypolicy
+ install -d /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/selinux/packages
+ install -m 644 /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/testpolicy.pp /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/selinux/packages
+ install -d /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/selinux/devel/include/contrib
+ install -m 644 /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/testpolicy.if /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/selinux/devel/include/contrib/
+ install -d /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/man/man8/
+ install -m 644 /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/httpd_testpolicy_script_selinux.8 /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/usr/share/man/man8/httpd_testpolicy_script_selinux.8
+ install -d /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64/etc/selinux/targeted/contexts/users/
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
Processing files: testpolicy_selinux-1.0-1.el7.noarch
Provides: testpolicy_selinux = 1.0-1.el7
Requires(interp): /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): /bin/sh selinux-policy-base >= 3.12.1-44
Requires(postun): /bin/sh
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64
Wrote: /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/testpolicy_selinux-1.0-1.el7.src.rpm
Wrote: /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/noarch/testpolicy_selinux-1.0-1.el7.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.H5foG0
+ umask 022
+ cd /root/policycoreutils/Sanity/sepolicy-generate/mypolicy
+ /usr/bin/rm -rf /root/policycoreutils/Sanity/sepolicy-generate/mypolicy/.build/testpolicy_selinux-1.0-1.el7.x86_64
+ exit 0
:: [ PASS ] :: Running 'mypolicy/testpolicy.sh'
testpolicy 1.0.0
:: [ PASS ] :: Running 'semodule -l | grep testpolicy'
/usr/sbin/semanage: SELinux user testpolicy_u is not defined
:: [ PASS ] :: Running 'semanage user -d testpolicy_u'
:: [ PASS ] :: Running 'semodule -r testpolicy'
:: [ PASS ] :: Running 'rm -rf mypolicy/*'
:: [ PASS ] :: Running 'sleep 1'
```

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.