Bug 1030035 - inconsistent label for /etc/dnsmasq.d
inconsistent label for /etc/dnsmasq.d
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
Unspecified Linux
unspecified Severity low
: ---
: ---
Assigned To: Miroslav Grepl
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2013-11-13 14:07 EST by Cristian Ciupitu
Modified: 2014-02-17 16:08 EST (History)
1 user (show)

See Also:
Fixed In Version: selinux-policy-3.12.1-74.18.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-02-17 16:08:09 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Cristian Ciupitu 2013-11-13 14:07:06 EST
Description of problem:
dnsmasq uses extra configuration files which are stored under
/etc/dnsmasq.d as shown at the end of /etc/dnsmasq.conf:

    # Include another lot of configuration options.

The default label used for those files is etc_t, whereas the label for
the main file is dnsmasq_etc_t. This is inconsistent.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. Run:
    matchpathcon /etc/dnsmasq.conf 
    matchpathcon /etc/dnsmasq.d/test.conf

Actual results:
/etc/dnsmasq.conf         system_u:object_r:dnsmasq_etc_t:s0
/etc/dnsmasq.d/test.conf  system_u:object_r:etc_t:s0

Expected results:
/etc/dnsmasq.conf         system_u:object_r:dnsmasq_etc_t:s0
/etc/dnsmasq.d/test.conf  system_u:object_r:dnsmasq_etc_t:s0

Additional info:
Comment 1 Daniel Walsh 2013-11-13 16:31:51 EST

Fix this,  Needs to be back ported to RHEL7 also.
Comment 2 Fedora Update System 2014-02-11 17:10:41 EST
selinux-policy-3.12.1-74.18.fc19 has been submitted as an update for Fedora 19.
Comment 3 Fedora Update System 2014-02-12 09:50:58 EST
Package selinux-policy-3.12.1-74.18.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.18.fc19'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2014-02-17 16:08:09 EST
selinux-policy-3.12.1-74.18.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.