Bug 165799 - patch does not preserve context - resets to tmp_t
patch does not preserve context - resets to tmp_t
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: patch (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
Brock Organ
: Reopened
: 167822 189890 (view as bug list)
Depends On: 453365
Blocks: xattrs-tracker
  Show dependency treegraph
 
Reported: 2005-08-12 08:57 EDT by Tomasz Ostrowski
Modified: 2008-06-30 07:39 EDT (History)
6 users (show)

See Also:
Fixed In Version: 2.5.4-34.fc9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-28 18:17:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Tomasz Ostrowski 2005-08-12 08:57:39 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
When patching a file which is on the same partition that /tmp directory its security context is reset to tmp_t.

Version-Release number of selected component (if applicable):
patch-2.5.4-24 selinux-policy-targeted-1.25.3-12

How reproducible:
Always

Steps to Reproduce:
1. cd $HOME
2. echo example1 > example1; echo example2 > example2
3. ls -lZ example?
-rw-r--r--  tometzky users    user_u:object_r:user_home_t      example1
-rw-r--r--  tometzky users    user_u:object_r:user_home_t      example2
4. diff -u example1 example2 | patch example1
patching file example1
5. ls -lZ example?

Actual Results:  -rw-r--r--  tometzky users    user_u:object_r:tmp_t            example1
-rw-r--r--  tometzky users    user_u:object_r:user_home_t      example2


Expected Results:  -rw-r--r--  tometzky users    user_u:object_r:user_home_t      example1
-rw-r--r--  tometzky users    user_u:object_r:user_home_t      example2


Additional info:

As can be seen by strace patch creates new version of a file as a temporary file in /tmp/ and then renames this file to the patched one and sets permissions to that of patched one causing that the file context will be tmp_t. If temporary and patched files are not on the same partition it fails to move and falls back to unlinking patched file, copying temporary file to the pathed and resetting permissions thus reseting it's context to default.

I found this when I pathed a file in /etc and then realized that the daemon it was configuring does not start - it couldn't read its configuration.
Comment 1 Tim Waugh 2005-08-12 12:39:02 EDT
Needs to use something like the mch_copy_sec() function from vim-selinux.patch.
Comment 2 Tim Waugh 2005-12-08 07:34:42 EST
Patch also does not preserve user/group ownership.  This is just not how patch
behaves.
Comment 3 Tim Waugh 2005-12-20 09:55:27 EST
*** Bug 167822 has been marked as a duplicate of this bug. ***
Comment 4 Tim Waugh 2006-04-25 11:50:10 EDT
*** Bug 189890 has been marked as a duplicate of this bug. ***
Comment 5 Stephen Smalley 2006-08-04 09:28:18 EDT
patch appears to apply chmod() to preserve mode, so that is analagous to
preserving security context.
Comment 6 Stephen Smalley 2006-08-04 09:36:53 EDT
Also appears to propagate the original file's mode to create file operations,
which would be analogous to calling setfscreatecon() with the result of a
getfilecon on the original prior to creating the output files.
Comment 7 Christian Iseli 2007-01-19 19:13:19 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 8 Tomasz Ostrowski 2007-01-20 04:11:12 EST
Retested on patch-2.5.4-29.2.2 from FC6 - still applies.
Comment 9 Tomasz Ostrowski 2007-01-20 04:16:38 EST
Strange - I've checked that "I am providing the requested information" and this
bug still is in needinfo state. I'm trying again.
Comment 10 Tim Waugh 2007-10-04 12:05:28 EDT
Too risky for F-8 at this stage; still don't have a working patch (but it's
getting there).
Comment 11 Bug Zapper 2008-05-14 07:57:59 EDT
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
http://docs.fedoraproject.org/release-notes/

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 12 Fedora Update System 2008-06-16 07:22:14 EDT
patch-2.5.4-34.fc9 has been submitted as an update for Fedora 9
Comment 13 Fedora Update System 2008-06-16 19:32:47 EDT
patch-2.5.4-34.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update patch'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5384
Comment 14 Fedora Update System 2008-06-28 18:17:03 EDT
patch-2.5.4-34.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.