Bug 1684221 - The files /usr/sbin/dumpe2fs and /usr/sbin/e2mmpstatus should have the same rules for restorecon.
Summary: The files /usr/sbin/dumpe2fs and /usr/sbin/e2mmpstatus should have the same r...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 29
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Ben Levenson
URL:
Whiteboard:
: 1684785 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-28 18:27 UTC by Villy Kruse
Modified: 2019-03-15 18:29 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-15 18:29:17 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Villy Kruse 2019-02-28 18:27:01 UTC
Description of problem:

When running restorecon on /usr/sbin the files /usr/sbin/dumpe2fs and /usr/sbin/e2mmpstatus (which are hardlinks to each other) are fixed in an inconsitent way.

Version-Release number of selected component (if applicable):


How reproducible:

Always

Steps to Reproduce:
1.  Have the package e2fsprogs installed
2.  Run restorecon -v -R /usr/sbin
3.

Actual results:

[root@mybox selinux]# restorecon -v -R /usr
Relabeled /usr/sbin/dumpe2fs from system_u:object_r:bin_t:s0 to system_u:object_r:fsadm_exec_t:s0
Relabeled /usr/sbin/e2mmpstatus from system_u:object_r:fsadm_exec_t:s0 to system_u:object_r:bin_t:s0


Expected results:

These files gets fixed in a consistent way.

Additional info:

The files are actually hardlinks to each other and therefore must have the same SELinux label.

ls -li /usr/sbin/dumpe2fs /usr/sbin/e2mmpstatus
1313471 -rwxr-xr-x. 2 root root 37312 Jan 31 19:08 /usr/sbin/dumpe2fs


The file /etc/selinux/targeted/contexts/files/file_contexts contains the following

/sbin/e2mmpstatus    --      system_u:object_r:fsadm_exec_t:s0
/sbin/dumpe2fs       --      system_u:object_r:fsadm_exec_t:s0
/usr/sbin/dumpe2fs   --      system_u:object_r:fsadm_exec_t:s0

Missing is the definition for /usr/sbin/e2mmpstatus.




1313471 -rwxr-xr-x. 2 root root 37312 Jan 31 19:08 /usr/sbin/e2mmpstatus

Comment 1 Lukas Vrabec 2019-03-04 12:44:02 UTC
*** Bug 1684785 has been marked as a duplicate of this bug. ***

Comment 2 Lukas Vrabec 2019-03-04 12:49:15 UTC
commit 8bb6994251b09ee68d9695861b3b63fb60d45826 (HEAD -> f29)
Author: Lukas Vrabec <lvrabec>
Date:   Mon Mar 4 13:47:58 2019 +0100

    Label /usr/sbin/e2mmpstatus as fsadm_exec_t
    Resolves: rhbz#1684221

Comment 3 Fedora Update System 2019-03-12 18:37:38 UTC
selinux-policy-3.14.2-51.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-4cc36fafbb

Comment 4 Fedora Update System 2019-03-12 23:41:24 UTC
selinux-policy-3.14.2-51.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-4cc36fafbb

Comment 5 Fedora Update System 2019-03-15 18:29:17 UTC
selinux-policy-3.14.2-51.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.