Bug 175354 - Failure of postinstall script to change security context
Failure of postinstall script to change security context
Product: Fedora
Classification: Fedora
Component: libannodex (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Vander Stichele
Fedora Extras Quality Assurance
: Security
Depends On:
  Show dependency treegraph
Reported: 2005-12-09 05:16 EST by Stephen Biggs
Modified: 2008-03-09 21:27 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-09 21:27:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stephen Biggs 2005-12-09 05:16:25 EST
Description of problem:
Upon installation of libannodex-0.7.2-1.fc4, attempts to change the security
context of the libraries fail with errors.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. install/update to libannodex-0.7.2-1.fc4
Actual results:
The following errors occur:
chcon: can't apply partial context to unlabeled file /usr/lib/libannodex.so.0
chcon: can't apply partial context to unlabeled file /usr/lib/libannodex.so.0.4.0

Expected results:
Installation/upgrade without incident

Additional info:
Comment 1 Thomas Vander Stichele 2005-12-18 05:23:28 EST

the relevant post line reads:
chcon -t texrel_shlib_t %{_libdir}/libannodex.so.*

what should I do about this ? I think you mentioned getting something in
selinux-policy ?


does this problem actually fail the install ? AFAICT all that would be happening
is that it prints the two lines - is that correct ?
Comment 2 Stephen Biggs 2005-12-24 14:27:15 EST
I don't think it fails install.  It shows as installed in RPM's list. 
However, IMHO, I think that it should fail, even if it doesn't currently. I 
think that it is worse if it actually goes ahead and is installed with this 
kind of error. This is a library that ends up with the default security 
context instead of what the author intended. 
That is, if the author or maintainer have good reasons to be changing security 
contexts and it is not changed correctly, then it should be failing the 
install.  It is an exploit waiting to happen.  But, on the other hand, if 
there aren't any good reasons to be messing with the security context in the 
first place, then why bother? 
Comment 3 Dennis Gilmore 2006-03-09 14:14:38 EST
this hasn't been touched in awhile,  Is this still true?  has anything been 
done to have the changes added to the default selinux policy? 
Comment 4 Thomas Vander Stichele 2006-06-15 05:21:54 EDT
I really can't comment further, I don't understand selinux well enough and could
really use someone with more knowledge to look at this.
Comment 5 Thomas Vander Stichele 2006-09-02 06:53:05 EDT
has this happened at all with the latest package, 0.7.3-3.fc4 ?
Comment 6 petrosyan 2008-03-09 21:27:07 EDT
The information we've requested above is required in order
to review this problem report further and diagnose/fix the
issue if it is still present.  Since there have not been any
updates to the report since thirty (30) days or more since we
requested additional information, we're assuming the problem
is either no longer present in the current Fedora release, or
that there is no longer any interest in tracking the problem.

Setting status to "INSUFFICIENT_DATA".  If you still
experience this problem after updating to our latest Fedora
release and can provide the information previously requested, 
please feel free to reopen the bug report.

Thank you in advance.

Note You need to log in before you can comment on or make changes to this bug.