Bug 193892 - OpenPegasus SDK test fails with SELinux policies active
OpenPegasus SDK test fails with SELinux policies active
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: tog-pegasus (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-02 15:02 EDT by Denise Eckstein
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: RHBA-2006-0474
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-22 12:19:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Denise Eckstein 2006-06-02 15:02:33 EDT
Description of problem:


Version-Release number of selected component (if applicable):
tog-pegasus-devel-2.5.1-1.EL4
tog-pegasus-2.5.1-1.EL4
selinux-policy-targeted-1.17.30-2.134
selinux-doc-1.14.1-1
libselinux-1.19.1-7.2
libselinux-devel-1.19.1-7.2

How reproducible:

Run the following sequence as "root" with the OpenPegasus SELinux policies 
enabled.

Steps to Reproduce:
1. #rpm -ih tog-pegasus-devel-2.5.1-1.EL4.i386.rpm 
2. #cd /usr/share/Pegasus/samples 
3. #make 
4. #make setupSDK 
5. #make tests 
  
Actual results:

# make tests
make[1]: Entering directory `/usr/share/Pegasus/samples/Clients'
make[2]: Entering directory `/usr/share/Pegasus/samples/Clients/DefaultC++'
make[3]: Entering directory 
`/usr/share/Pegasus/samples/Clients/DefaultC++/EnumInstances'
Error: CIM_ERR_FAILED: A general error occurred that is not covered by a more 
specific error code: "ProviderLoadFailure 
(/usr/lib64/Pegasus/providers/libSampleInstanceProvider.so:SampleInstanceProvid
er):Cannot load library, 
error: /usr/lib64/Pegasus/providers/libSampleInstanceProvider.so: failed to 
map segment from shared object: Permission denied"
make[3]: *** [tests] Error 1
make[3]: Leaving directory 
`/usr/share/Pegasus/samples/Clients/DefaultC++/EnumInstances'
make[2]: *** [tests] Error 2
make[2]: Leaving directory `/usr/share/Pegasus/samples/Clients/DefaultC++'
make[1]: *** [tests] Error 2
make[1]: Leaving directory `/usr/share/Pegasus/samples/Clients'
make: *** [tests] Error 2

Expected results:


Additional info:
Comment 1 Denise Eckstein 2006-06-02 18:04:01 EDT
Solution/Workaround 

By default, the security contexts for the sample providers is not defined 
correctly.

You can use the "ls -Z" command to display the current settings 
# cd /usr/share/Pegasus/samples/Providers/DefaultC++/InstanceProvider/
# ls -Z libSampleInstanceProvider.so
-rwxr-xr-x root root root:object_r:usr_t libSampleInstanceProvider.so

You can use the "chcon" command to change the security context to the correct 
setting. 
# cd /usr/share/Pegasus/samples/Providers/DefaultC++/InstanceProvider/
# chcon -u system_u -r object_r -t shlib_t libSampleInstanceProvider.so
# cd /usr/share/Pegasus/samples/Providers/DefaultC++/MethodProvider/
# chcon -u system_u -r object_r -t shlib_t libSampleMethodProvider.so
# cd /usr/share/Pegasus/samples/Providers/DefaultC++/IndicationProvider/
# chcon -u system_u -r object_r -t shlib_t libSampleIndicationProvider.so
# cd /usr/share/Pegasus/samples/Providers/DefaultC++/AssociationProvider
# chcon -u system_u -r object_r -t shlib_t libSampleAssociationProvider.so
Comment 2 Jason Vas Dias 2006-06-05 18:01:08 EDT
OK, the /usr/share/Pegasus/samples/Makefile will now set the SELinux context of
the /usr/share/Pegasus/samples/Providers/*/*/*.so* libraries correctly in 
the 'setupSDK' target, in the next tog-pegasus-2.5.1-2.EL4 version.
Comment 3 Denise Eckstein 2006-06-05 18:43:35 EDT
Thanks!
Comment 5 Bill Nottingham 2006-11-22 12:19:29 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0474.html

Note You need to log in before you can comment on or make changes to this bug.