Bug 207157 - rpm is not setting the correct context on the locale directories
Summary: rpm is not setting the correct context on the locale directories
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Panu Matilainen
Reported: 2006-09-19 19:02 UTC by Daniel Walsh
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2007-09-04 06:55:24 UTC

Description Daniel Walsh 2006-09-19 19:02:48 UTC
Description of problem:

After a fresh install running fixfiles check reveals the following problems

/sbin/setfiles:  relabeling /usr/share/locale/ka from system_u:object_r:usr_t:s0
to system_u:object_r:locale_t:s0
/sbin/setfiles:  relabeling /usr/share/locale/ka/LC_MESSAGES from
system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
...

Seems rpm is not setting the context when it creates directories "lazily".
At least this is what Jeremy suggested.
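
For triaging output like the above, the following added example (not part of the original report and not rpm or policycoreutils code) parses setfiles relabeling lines and reduces them to the top-most mislabeled paths per type change, which are the directories worth checking for package ownership. The third sample entry and all function names are constructed for illustration, and paths containing whitespace are assumed not to occur.

```python
import re
from collections import defaultdict

# Sample in the format quoted in the report, wrapped the same way.
# The third entry (locale "xx") is constructed for illustration.
SAMPLE = """\
/sbin/setfiles:  relabeling /usr/share/locale/ka from system_u:object_r:usr_t:s0
to system_u:object_r:locale_t:s0
/sbin/setfiles:  relabeling /usr/share/locale/ka/LC_MESSAGES from
system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
/sbin/setfiles:  relabeling /usr/share/locale/xx/LC_MESSAGES from
system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
"""

# \s+ also matches newlines, so wrapped entries are handled without rejoining.
ENTRY = re.compile(
    r"relabeling\s+(?P<path>\S+)\s+from\s+(?P<old>\S+)\s+to\s+(?P<new>\S+)"
)


def parse_relabels(text):
    """Return (path, old_context, new_context) for each relabeling entry."""
    return [(m["path"], m["old"], m["new"]) for m in ENTRY.finditer(text)]


def selinux_type(context):
    """Extract the type field from user:role:type[:level]."""
    return context.split(":")[2]


def mislabeled_roots(entries):
    """Group paths by (old_type, new_type) and keep only the top-most ones."""
    groups = defaultdict(set)
    for path, old, new in entries:
        groups[(selinux_type(old), selinux_type(new))].add(path)
    roots = {}
    for change, paths in groups.items():
        # Drop a path when one of its ancestors is in the same group.
        roots[change] = sorted(
            p for p in paths
            if not any(p.startswith(q + "/") for q in paths if q != p)
        )
    return roots


if __name__ == "__main__":
    for (old, new), paths in mislabeled_roots(parse_relabels(SAMPLE)).items():
        print(f"{old} -> {new}")
        for p in paths:
            print(f"  {p}   (check ownership with: rpm -qf {p})")
```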

Comment 1 Jeff Johnson 2006-10-05 01:48:58 UTC
Perhaps. The code that sets contexts on "orphan" directories is rather
straightforward however.

A reproducer with -vv --fsmdebug should be a rather easy way to establish
whether rpm is setting file contexts correctly or not.

I claim Jeremy hasn't a clue. Want to bet?

Meanwhile, this patch is relevant for those (like me) who don't wish to run SELinux:
@@ -1276,7 +1337,12 @@
 /*@-compdef@*/
     rpmts ts = fsmGetTs(fsm);
 /*@=compdef@*/
-    rpmsx sx = rpmtsREContext(ts); 
+    rpmsx sx = NULL;
+       
+    /* XXX Set file contexts on non-packaged dirs iff selinux enabled. */
+    if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 &&
+      !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS))
+       sx = rpmtsREContext(ts);
     
     fsm->path = NULL;
     
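Review bot: with sx initialised to NULL and only assigned inside the new if, every later use of sx in this function has to tolerate NULL, and none of that code is visible in this hunk; either guard the context-setting call with a check on sx or state in the XXX comment that the consumers accept NULL. The rpmtsSELinuxEnabled(ts) == 1 comparison also treats any other non-zero return as disabled, which deserves a word in the comment if it is intentional. The added lines mix tab and space indentation and include a whitespace-only '+' line that should be dropped.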
@@ -1305,7 +1371,8 @@
        fsm->path = dn;
 
        /* Assume '/' directory exists, "mkdir -p" for others if non-existent */
-       for (i = 1, te = dn + 1; *te != '\0'; te++, i++) {
+       (void) urlPath(dn, (const char **)&te);
+       for (i = 1, te++; *te != '\0'; te++, i++) {
            if (*te != '/')
                /*@innercontinue@*/ continue;
     
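Review bot: the loop now starts at te++ after a urlPath() call whose return value is cast to void, so nothing checks that te was set to a non-empty path beginning with '/'; if urlPath() leaves te pointing at an empty string, te++ steps past the terminator before the *te != '\0' test runs. Check the result (and *te) before incrementing, and update the "Assume '/' directory exists" comment, which still describes the old dn + 1 start. The URL path handling is also unrelated to the SELinux gating in the first hunk and would be easier to review as a separate patch.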


Comment 2 Jeff Johnson 2007-04-11 01:47:07 UTC
No additional info == NOTABUG

Comment 3 Red Hat Bugzilla 2007-08-21 05:26:39 UTC
User pnasrat@redhat.com's account has been closed

Comment 4 Panu Matilainen 2007-08-22 06:34:16 UTC
Reassigning to owner after bugzilla made a mess, sorry about the noise...

Comment 5 Panu Matilainen 2007-09-04 06:55:24 UTC
Tested with rpm-4.4.2.2-0.1.fc8.rc1 (which has no selinux/directory handling
related changes over 4.4.2.1) and directories that aren't explicitly owned by
packages get correct context.

Works for me, if it doesn't for you I'll need a reproducer...

