Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 207157 - rpm is not setting the correct context on the locale directories
rpm is not setting the correct context on the locale directories
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Panu Matilainen
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-19 15:02 EDT by Daniel Walsh
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-04 02:55:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Daniel Walsh 2006-09-19 15:02:48 EDT 
Description of problem:

After a fresh install running fixfiles check reveals the following problems

/sbin/setfiles:  relabeling /usr/share/locale/ka from system_u:object_r:usr_t:s0
to system_u:object_r:locale_t:s0
/sbin/setfiles:  relabeling /usr/share/locale/ka/LC_MESSAGES from
system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
...

Seems rpm is not setting the context when it creates directories "lazily"
At least this is what Jeremy suggested.
Comment 1 Jeff Johnson 2006-10-04 21:48:58 EDT 
Perhaps. The code that sets contexts on "orphan" directories is rather
straightforward however.

A reproducer with -vv --fsmdebug should be a rather easy way to establish
whether rpm is setting file contexts correctly or not.

I claim Jeremy hasn't a clue. Want to bet?

Meanwhile, this patch is relevant for those (like me) who don't wish to run SELinux:
@@ -1276,7 +1337,12 @@
 /*@-compdef@*/
     rpmts ts = fsmGetTs(fsm);
 /*@=compdef@*/
-    rpmsx sx = rpmtsREContext(ts); 
+    rpmsx sx = NULL;
+       
+    /* XXX Set file contexts on non-packaged dirs iff selinux enabled. */
+    if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 &&
+      !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS))
+       sx = rpmtsREContext(ts);
     
     fsm->path = NULL;
     
@@ -1305,7 +1371,8 @@
        fsm->path = dn;
 
        /* Assume '/' directory exists, "mkdir -p" for others if non-existent */
-       for (i = 1, te = dn + 1; *te != '\0'; te++, i++) {
+       (void) urlPath(dn, (const char **)&te);
+       for (i = 1, te++; *te != '\0'; te++, i++) {
            if (*te != '/')
                /*@innercontinue@*/ continue;
Comment 2 Jeff Johnson 2007-04-10 21:47:07 EDT 
No additional info == NOTABUG
Comment 3 Red Hat Bugzilla 2007-08-21 01:26:39 EDT 
User pnasrat@redhat.com's account has been closed
Comment 4 Panu Matilainen 2007-08-22 02:34:16 EDT 
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Comment 5 Panu Matilainen 2007-09-04 02:55:24 EDT 
Tested with rpm-4.4.2.2-0.1.fc8.rc1 (which has no selinux/directory handling
related changes over 4.4.2.1) and directories that aren't explicitly owned by
packages get correct context.

Works for me, if it doesn't for you I'll need a reproducer...
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.