Bug 987456
Summary: | RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Scott Poore <spoore> | ||||
Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> | ||||
Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> | ||||
Severity: | urgent | Docs Contact: | |||||
Priority: | urgent | ||||||
Version: | 6.4 | CC: | ccoursey, dpal, ekeck, grajaiya, jgalipea, lslebodn, mkosek, pbrezina, spoore | ||||
Target Milestone: | rc | Keywords: | ZStream | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | sssd-1.9.2-95.el6 | Doc Type: | Bug Fix | ||||
Doc Text: |
Do not document.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-11-21 22:21:09 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1022708 | ||||||
Attachments: |
|
Description
Scott Poore
2013-07-23 12:20:51 UTC
Created attachment 778127 [details]
A specfile patch
A candidate patch that calls restorecon as a workaround to set the right SELinux context on upgrades.
Marian Ganisin found that on clean install the patch causes a warning. Moving back to ASSIGNED. Actually scratch that. We're including a separate bugzilla for the warning. Hi Scott, would you mind helping Kaushik with reproducing this bugzilla or providing easier steps for automation? Thank you! Probably easier to automate testing here in IPA upgrade test. This is basically what I've had to do to see/reproduce the issue: On RHEL6.3 host: - yum install sssd - point to RHEL6.4 yum repos - yum update sssd - stat --format %C /var/lib/sss/mc/passwd [EXPECT] sssd_public_t [NOT] sssd_var_lib_t Here you have to have both selinux-policy and sssd updated from the same yum command to see the issue. So, can we go with testing just in the IPA upgrades? Testing this issue during IPA upgrade testing sounds fine to me. Verified. Version :: sssd.x86_64 0:1.9.2-127.el6 Automated Test Results :: ... Installed: krb5-pkinit-openssl.x86_64 0:1.10.3-10.el6_4.6 Dependency Installed: autofs.x86_64 1:5.0.5-86.el6 hesiod.x86_64 0:3.1.0-19.el6 libsss_autofs.x86_64 0:1.9.2-127.el6 libsss_idmap.x86_64 0:1.9.2-127.el6 perl-NetAddr-IP.x86_64 0:4.027-7.el6 perl-Socket6.x86_64 0:0.23-4.el6 pytalloc.x86_64 0:2.0.7-2.el6 samba4-libs.x86_64 0:4.0.0-58.el6.rc4 Updated: bind-dyndb-ldap.x86_64 0:2.3-4.el6 ipa-admintools.x86_64 0:3.0.0-36.el6 ipa-client.x86_64 0:3.0.0-36.el6 ipa-python.x86_64 0:3.0.0-36.el6 ipa-server.x86_64 0:3.0.0-36.el6 ipa-server-selinux.x86_64 0:3.0.0-36.el6 sssd.x86_64 0:1.9.2-127.el6 Dependency Updated: 389-ds-base.x86_64 0:1.2.11.15-25.el6 389-ds-base-libs.x86_64 0:1.2.11.15-25.el6 certmonger.x86_64 0:0.61-3.el6 httpd.x86_64 0:2.2.15-29.el6_4 httpd-tools.x86_64 0:2.2.15-29.el6_4 krb5-devel.x86_64 0:1.10.3-10.el6_4.6 krb5-libs.x86_64 0:1.10.3-10.el6_4.6 krb5-server.x86_64 0:1.10.3-10.el6_4.6 krb5-workstation.x86_64 0:1.10.3-10.el6_4.6 libipa_hbac.x86_64 0:1.9.2-127.el6 libipa_hbac-python.x86_64 0:1.9.2-127.el6 libldb.x86_64 0:1.1.13-3.el6 libtalloc.x86_64 0:2.0.7-2.el6 libtdb.x86_64 0:1.2.10-1.el6 libtevent.x86_64 0:0.9.18-3.el6 mod_nss.x86_64 0:1.0.8-18.el6 nspr.x86_64 0:4.10.0-1.el6 nspr-devel.x86_64 0:4.10.0-1.el6 nss.x86_64 0:3.15.1-9.el6 nss-devel.x86_64 0:3.15.1-9.el6 nss-softokn.x86_64 0:3.14.3-9.el6 nss-softokn-devel.x86_64 0:3.14.3-9.el6 nss-softokn-freebl.x86_64 0:3.14.3-9.el6 nss-softokn-freebl-devel.x86_64 0:3.14.3-9.el6 nss-sysinit.x86_64 0:3.15.1-9.el6 nss-tools.x86_64 0:3.15.1-9.el6 nss-util.x86_64 0:3.15.1-2.el6 nss-util-devel.x86_64 0:3.15.1-2.el6 pki-ca.noarch 0:9.0.3-32.el6 pki-common.noarch 0:9.0.3-32.el6 pki-java-tools.noarch 0:9.0.3-32.el6 pki-native-tools.x86_64 0:9.0.3-32.el6 pki-selinux.noarch 0:9.0.3-32.el6 pki-setup.noarch 0:9.0.3-32.el6 pki-silent.noarch 0:9.0.3-32.el6 pki-symkey.x86_64 0:9.0.3-32.el6 pki-util.noarch 0:9.0.3-32.el6 selinux-policy.noarch 0:3.7.19-217.el6 selinux-policy-targeted.noarch 0:3.7.19-217.el6 sssd-client.x86_64 0:1.9.2-127.el6 Replaced: krb5-pkinit-openssl.x86_64 0:1.9-33.el6 Complete! :: [ PASS ] :: Running 'yum -y update 'ipa*' sssd' (Expected 0, got 0) ... :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipa_upgrade_bz987456: [BZ987456] RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'stat --format %C /var/lib/sss/mc/passwd > /tmp/tmpout.ipa_upgrade_bz987456 2>&1' (Expected 0, got 0) unconfined_u:object_r:sssd_public_t:s0 :: [ PASS ] :: Running 'cat /tmp/tmpout.ipa_upgrade_bz987456' (Expected 0, got 0) :: [ PASS ] :: File '/tmp/tmpout.ipa_upgrade_bz987456' should contain 'sssd_public_t' :: [ PASS ] :: BZ 987456 not found Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1680.html |