1381296 – /var/run/pcp should be owned by the component

Bug 1381296 - /var/run/pcp should be owned by the component

Summary: /var/run/pcp should be owned by the component

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	pcp
Sub Component:
Version:	6.8
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	pcp-maint
QA Contact:	qe-baseos-tools-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-03 15:38 UTC by Milos Malik
Modified:	2017-12-06 10:18 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1381301 (view as bug list)
Environment:
Last Closed:	2017-12-06 10:18:30 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Milos Malik 2016-10-03 15:38:21 UTC

Description of problem:
* there are many scripts which can create /var/run/pcp directory
* unfortunately SELinux policy is not able to confine all of them
* result is that /var/run/pcp gets created with an incorrect label
* if the directory was owned by some of pcp* packages, it would be created by rpm/yum during the RPM installation and it would be labeled correctly

Version-Release number of selected component (if applicable):
pcp-3.10.9-6.el6.x86_64

How reproducible:
* always

Steps to Reproduce:
# ls -dZ /var/run/pcp/
ls: cannot access /var/run/pcp/: No such file or directory
# chkconfig pmcd on
# service pmcd start
Starting pmcd ... 
# service pmcd status
Checking for pmcd: running
# ls -dZ /var/run/pcp/
drwxrwxr-x. pcp pcp unconfined_u:object_r:var_run_t:s0 /var/run/pcp/
# restorecon -Rv /var/run/pcp/
restorecon reset /var/run/pcp context unconfined_u:object_r:var_run_t:s0->unconfined_u:object_r:pcp_var_run_t:s0
#

Actual results:
# rpm -qf /var/run/pcp/
file /var/run/pcp is not owned by any package
#

Expected results:
* /var/run/pcp is owned by some pcp* package

Comment 1 Nathan Scott 2016-10-03 23:20:56 UTC

Hi Milos,

(In reply to Milos Malik from comment #0)
> [...]
> * if the directory was owned by some of pcp* packages, it would be created
> by rpm/yum during the RPM installation and it would be labeled correctly

Would having this directory installed by RPM but tagged as %ghost be sufficient?

We stopped installing this directory (via pcp RPM) several years ago due to the switch to tmpfs for /var/run FWIW, but AIUI using %ghost may be an alternative.

thanks!

Comment 9 mbenitez 2017-03-08 19:40:08 UTC

Moving out to 6.10

Comment 11 Jan Kurik 2017-12-06 10:18:30 UTC

Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/

Note You need to log in before you can comment on or make changes to this bug.