Bug 971593

Summary: /var/lock/mailman created with wrong permissions on every boot
Product: [Fedora] Fedora Reporter: H. Peter Anvin <hpa>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: dominick.grift, dwalsh, h.peter.anvin, jkaluza, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: selinux-policy-3.11.1-98.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-25 00:39:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description H. Peter Anvin 2013-06-06 21:17:44 UTC 
Description of problem:
After reboot, /var/lock/mailman gets created with the wrong labels.  This breaks all administrative functionality in mailman.

restorecon gives:

[root@terminus mailman]# restorecon -v -R .
restorecon reset /run/lock/mailman context system_u:object_r:var_run_t:s0->system_u:object_r:mailman_lock_t:s0
restorecon reset /run/lock/mailman/master-qrunner.terminus.zytor.com.2223 context system_u:object_r:mailman_var_run_t:s0->

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.10.0-169.fc17.noarch
mailman-2.1.14-13.fc17.x86_64

How reproducible:
Happens after every reboot, since /var/lock is part of /run

Steps to Reproduce:
1. Reboot system
2. Check labels on /var/lock/mailman
3.

Actual results:


Expected results:


Additional info:
Comment 1 H. Peter Anvin 2013-06-06 21:18:52 UTC 
Actually complete paste:

[root@terminus mailman]# restorecon -v -R .
restorecon reset /run/lock/mailman context system_u:object_r:var_run_t:s0->system_u:object_r:mailman_lock_t:s0
restorecon reset /run/lock/mailman/master-qrunner.terminus.zytor.com.2223 context system_u:object_r:mailman_var_run_t:s0->system_u:object_r:mailman_lock_t:s0
Comment 2 Daniel Walsh 2013-06-07 17:47:20 UTC 
bc0348c466a92d42aa72658f3ea93013aaa43201 fixes this in git.
Comment 3 Jan Kaluža 2013-06-10 10:48:37 UTC 
I'm little bit confused now. Daniel, in which git repository the fix is?
Comment 4 Miroslav Grepl 2013-06-10 11:44:22 UTC 
git://git.fedorahosted.org/selinux-policy.git

back ported to F18.
Comment 5 H. Peter Anvin, Intel 2013-06-13 18:22:32 UTC 
We need this on F17 too...
Comment 6 Miroslav Grepl 2013-06-14 05:45:02 UTC 
Back ported.

commit bf2f597e0b69189de0ba3ac0af05d79ad29305d7
Author: Miroslav Grepl <mgrepl>
Date:   Fri Jun 14 07:44:46 2013 +0200

     Fix labeling of mailman
Comment 7 H. Peter Anvin 2013-06-19 21:18:06 UTC 
Is there a koji build for this for F17 by any chance?
Comment 8 Fedora Update System 2013-06-27 13:35:19 UTC 
selinux-policy-3.11.1-98.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-98.fc18
Comment 9 Fedora Update System 2013-06-28 06:09:22 UTC 
Package selinux-policy-3.11.1-98.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-98.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-11859/selinux-policy-3.11.1-98.fc18
then log in and leave karma (feedback).
Comment 10 H. Peter Anvin 2013-07-08 19:07:21 UTC 
To repeat:

Is there a build for this for F17 by any chance?  (Before 17 disappears?)
Comment 11 Miroslav Grepl 2013-07-08 20:40:35 UTC 
Yes, I am working on the latest F17 fixes and the fix for this bug is coming with these fixes.
Comment 12 Fedora Update System 2013-07-25 00:39:11 UTC 
selinux-policy-3.11.1-98.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.