Bug 159946 - New SELinux Targeted policy changes type for /var/log
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: i386 Linux
Priority: medium
Severity: low
Assigned To: Daniel Walsh
Reported: 2005-06-09 11:54 EDT by Peter Snoblin
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-06-09 14:14:33 EDT
Description Peter Snoblin 2005-06-09 11:54:30 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
The latest update to selinux-policy-targeted changed the type specified for /var/log from var_log_t to home_root_t. These changes occurred in /etc/selinux/targeted/src/policy/file_contexts/file_contexts.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.88

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to selinux-policy-targeted-1.17.30-2.88
2. Run restorecon -R /var/log

Actual Results:  The type of /var/log was set to home_root_t.

Expected Results:  The type of /var/log should have been var_log_t.

Additional info:

This doesn't seem to be a problem for the policies set forth in the selinux-policy-targeted package; however, it was an issue, as we use a custom policy to govern snort.
Comment 1 Peter Snoblin 2005-06-09 12:08:30 EDT
I just pushed the update to another box, with a nearly identical configuration.
The odd thing here is that this issue did not arise on this second system. The
changes in question were nowhere to be found, and the labeling on /var/log
remained as it should. Yet, on the first machine, this was not an issue until
the upgrade. I'm not sure what's going on here...
Comment 2 Daniel Walsh 2005-06-09 13:55:01 EDT
Do you have an entry in /etc/passwd with a homedir in /var/log?

Dan
Comment 3 Peter Snoblin 2005-06-09 14:05:24 EDT
One, the 'snort' user has a homedir at '/var/log/snort' -- however this user
exists on both systems, and the sole difference between the two is the uid.
Comment 4 Daniel Walsh 2005-06-09 14:10:40 EDT
If the snort UID is > 500 and has a shell of something other than /sbin/nologin
or /bin/false, this could happen. Change the UID or the shell and reload
policy; that should clear it up.

Dan
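
A check built on the condition described in Comment 4, added here as an example and not part of the bug report or the policy package: it lists passwd accounts with a UID above 500 and a shell other than /sbin/nologin or /bin/false whose home directory sits outside /home, since the parent of such a directory is what was relabeled home_root_t in this report. The function names and the sample passwd entries are constructed; the UID threshold and shell list are taken as stated in the comment, not from the policy tooling itself.

```shell
#!/bin/sh
# Added example: find accounts that match the condition in Comment 4 and whose
# home directory is not directly under /home. Assumption: the threshold
# (UID > 500) and the two excluded shells are exactly as stated in the comment.

# flag_home_roots PASSWD_FILE
# Prints "user uid home parent" for each matching account.
flag_home_roots() {
    awk -F: '
        $1 ~ /^#/ || NF < 7 { next }            # skip comments and malformed lines
        $3 + 0 <= 500 { next }                  # UID threshold from Comment 4
        $7 == "/sbin/nologin" || $7 == "/bin/false" { next }
        {
            home = $6
            sub("/+$", "", home)                # drop trailing slashes
            if (home == "") next                # home is "/" or empty: nothing to derive
            parent = home
            sub("/[^/]*$", "", parent)          # strip last path component
            if (parent == "") parent = "/"
            if (parent != "/home")
                printf "%s %s %s %s\n", $1, $3, home, parent
        }
    ' "$1"
}

# Constructed sample passwd data (not taken from the reporter's systems).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash
snort:x:502:502:Snort:/var/log/snort:/bin/bash
snort2:x:101:101:Snort:/var/log/snort:/bin/bash
backup:x:503:503:Backup:/var/backup:/sbin/nologin
EOF
}

# Demo run against the sample; point flag_home_roots at /etc/passwd on a real host.
tmp=$(mktemp)
sample_passwd > "$tmp"
flag_home_roots "$tmp"
rm -f "$tmp"
```

Any account it prints is a candidate for the UID or shell change suggested in Comment 4, after which the labels under the listed parent directory should be rechecked.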
Comment 5 Peter Snoblin 2005-06-09 14:14:33 EDT
Ahh, that makes a lot of sense!
Thanks for the help, and sorry about bugging you with something so silly.
