Bug 1130556 - Mislabeled file '/boot/etc/yaboot.conf'
Summary: Mislabeled file '/boot/etc/yaboot.conf'
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: anaconda
Version: 6.5
Hardware: Unspecified
OS: Linux
Target Milestone: rc
Assignee: Anaconda Maintenance Team
QA Contact: Milos Malik
Reported: 2014-08-15 14:10 UTC by Martin Žember
Modified: 2017-12-06 11:01 UTC

Fixed In Version: selinux-policy-3.7.19-263.el6
Last Closed: 2017-12-06 11:01:04 UTC



Description Martin Žember 2014-08-15 14:10:17 UTC
Description of problem:
Mislabeled regular file '/boot/etc/yaboot.conf' found. Labeled as 'unconfined_u:object_r:boot_t:s0', should be 'system_u:object_r:bootloader_etc_t:s0'.

Version-Release number of selected component (if applicable):
yaboot-1.3.14-43.el6
RHEL-6.6-20140731.1

How reproducible:
Always

Steps to Reproduce:
1. Install all packages on a RHEL-6.6 system, RHEL-6.6-20140731.1
2. ls -Z /boot/etc/yaboot.conf

Actual results:
-rw-------. root root unconfined_u:object_r:boot_t:s0  /boot/etc/yaboot.conf


Expected results:
# ls -Z /boot/etc/yaboot.conf 
-rw-------. root root unconfined_u:object_r:bootloader_etc_t:s0 /boot/etc/yaboot.conf

At least that is what it looks like after:
# restorecon /boot/etc/yaboot.conf


Additional info:
Feel free to correct me if the bug report is wrong.

Comment 1 Jakub Čajka 2014-08-18 12:26:21 UTC
Hello,

I'm able to reproduce it (on a machine from Beaker), but it seems to be a problem related to SELinux, so I'm setting the component to selinux-policy.

Comment 2 Miroslav Grepl 2014-09-03 10:01:23 UTC
We have in Fedora/RHEL7

matchpathcon /boot/etc/yaboot.conf 
/boot/etc/yaboot.conf	system_u:object_r:boot_t:s0

Comment 5 Milos Malik 2015-04-27 12:57:40 UTC
# rpm -qa selinux-policy\*
selinux-policy-3.7.19-265.el6.noarch
selinux-policy-targeted-3.7.19-265.el6.noarch
selinux-policy-doc-3.7.19-265.el6.noarch
selinux-policy-mls-3.7.19-265.el6.noarch
selinux-policy-minimum-3.7.19-265.el6.noarch
# semanage fcontext -l | grep yaboot
/boot/etc/yaboot\.conf.*                           regular file       system_u:object_r:bootloader_etc_t:s0 
/etc/yaboot\.conf.*                                regular file       system_u:object_r:bootloader_etc_t:s0 
/usr/lib(64)?/yaboot/addnote                       regular file       system_u:object_r:bin_t:s0 
/var/lib/tftpboot/yaboot                           regular file       system_u:object_r:cobbler_var_lib_t:s0 
# matchpathcon /boot/etc/yaboot.conf
/boot/etc/yaboot.conf	system_u:object_r:bootloader_etc_t:s0
#
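
Added example (not from the bug thread or from Red Hat): Python that matches a path against the `semanage fcontext -l` rows quoted in comment 5 and compares the result with an `ls -Z` line. It reports the type and user fields separately, because `restorecon` without `-F` leaves the user field as it is. The function names are hypothetical, the five-column `ls -Z` layout shown in the description is assumed, and precedence among several matching specs is simplified to "last listed wins".

```python
import re

# Constructed sample: the yaboot rows of `semanage fcontext -l` from comment 5.
FCONTEXT_ROWS = r"""
/boot/etc/yaboot\.conf.*        regular file    system_u:object_r:bootloader_etc_t:s0
/etc/yaboot\.conf.*             regular file    system_u:object_r:bootloader_etc_t:s0
/usr/lib(64)?/yaboot/addnote    regular file    system_u:object_r:bin_t:s0
/var/lib/tftpboot/yaboot        regular file    system_u:object_r:cobbler_var_lib_t:s0
"""
# Row layout: path regex, file class, context (hypothetical parser, two classes only).
ROW = re.compile(r"^(\S+)\s+(regular file|all files)\s+(\S+)\s*$")

def parse_fcontext(text):
    """Return (compiled path regex, file class, context) for each listing row."""
    specs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            specs.append((re.compile(m.group(1)), m.group(2), m.group(3)))
    return specs

def expected_context(specs, path):
    """Context of the last listed spec whose regex matches the whole path.
    Assumption: real libselinux ordering rules are not reproduced here."""
    hits = [ctx for rx, _cls, ctx in specs if rx.fullmatch(path)]
    return hits[-1] if hits else None

def parse_ls_z(line):
    """Split an `ls -Z` line (mode, owner, group, context, path) into (context, path).
    Assumption: the path contains no whitespace."""
    fields = line.split()
    return fields[3], fields[4]

def audit(specs, ls_z_line):
    """Compare the on-disk label with the policy's; type and user are checked apart."""
    actual, path = parse_ls_z(ls_z_line)
    expected = expected_context(specs, path)
    if expected is None:
        return {"path": path, "expected": None}
    a_user, _, a_type, _ = actual.split(":", 3)
    e_user, _, e_type, _ = expected.split(":", 3)
    return {"path": path, "actual": actual, "expected": expected,
            "type_ok": a_type == e_type, "user_ok": a_user == e_user}

if __name__ == "__main__":
    # The "Actual results" listing from the bug description.
    installed = "-rw-------. root root unconfined_u:object_r:boot_t:s0  /boot/etc/yaboot.conf"
    print(audit(parse_fcontext(FCONTEXT_ROWS), installed))
```

On a live system, `matchpathcon -V <path>` performs the same comparison against the loaded policy.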

Comment 6 Milos Malik 2015-04-27 13:05:02 UTC
# rpm -qf /boot/etc/yaboot.conf 
file /boot/etc/yaboot.conf is not owned by any package
# rpm -qa --scripts | grep yaboot
# 

Can anybody tell me which process created the yaboot.conf file? Or which package brought the file?

Comment 7 Marian Ganisin 2015-05-28 07:45:30 UTC
(In reply to Milos Malik from comment #6)
> # rpm -qf /boot/etc/yaboot.conf 
> file /boot/etc/yaboot.conf is not owned by any package
> # rpm -qa --scripts | grep yaboot
> # 
> 
> Can anybody tell me which process created the yaboot.conf file? Or which
> package brought the file?

Very likely anaconda, in the same way as it creates grub.conf.

Comment 8 Milos Malik 2015-06-05 08:03:50 UTC
If anaconda created the file then selinux-policy cannot do much about it, because filename transition rules are not available in RHEL-6. The bug should be reassigned to the anaconda component.

Comment 10 Miroslav Grepl 2015-06-08 07:59:24 UTC
(In reply to Milos Malik from comment #8)
> If anaconda created the file then selinux-policy cannot do much about it,
> because filename transition rules are not available in RHEL-6. The bug
> should be reassigned to the anaconda component.

Yes, I agree.

Comment 15 Jan Kurik 2017-12-06 11:01:04 UTC
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/

