Bug 207157 - rpm is not setting the correct context on the locale directories
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Panu Matilainen
Reported: 2006-09-19 15:02 EDT by Daniel Walsh
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2007-09-04 02:55:24 EDT
Description Daniel Walsh 2006-09-19 15:02:48 EDT
Description of problem:

After a fresh install, running fixfiles check reveals the following problems:

/sbin/setfiles:  relabeling /usr/share/locale/ka from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
/sbin/setfiles:  relabeling /usr/share/locale/ka/LC_MESSAGES from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
...

Seems rpm is not setting the context when it creates directories "lazily".
At least this is what Jeremy suggested.
Comment 1 Jeff Johnson 2006-10-04 21:48:58 EDT
Perhaps. The code that sets contexts on "orphan" directories is rather
straightforward however.

A reproducer with -vv --fsmdebug should be a rather easy way to establish
whether rpm is setting file contexts correctly or not.

I claim Jeremy hasn't a clue. Want to bet?

Meanwhile, this patch is relevant for those (like me) who don't wish to run SELinux:
@@ -1276,7 +1337,12 @@
 /*@-compdef@*/
     rpmts ts = fsmGetTs(fsm);
 /*@=compdef@*/
-    rpmsx sx = rpmtsREContext(ts); 
+    rpmsx sx = NULL;
+       
+    /* XXX Set file contexts on non-packaged dirs iff selinux enabled. */
+    if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 &&
+      !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS))
+       sx = rpmtsREContext(ts);
     
     fsm->path = NULL;
     
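Review bot: sx now stays NULL whenever SELinux is disabled or RPMTRANS_FLAG_NOCONTEXTS is set, and nothing in this hunk shows the later uses of sx tolerating that. Every use of sx further down this function needs an `if (sx != NULL)` guard before a context lookup, otherwise the no-SELinux case this change targets turns into a NULL dereference. The test `rpmtsSELinuxEnabled(ts) == 1` also treats any other return value as disabled; if that is intended, the XXX comment should say so. When SELinux is enabled and the flag is clear, sx is still obtained from rpmtsREContext(ts) exactly as before, so this gating does not by itself change the usr_t labels reported in the description.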
@@ -1305,7 +1371,8 @@
        fsm->path = dn;
 
        /* Assume '/' directory exists, "mkdir -p" for others if non-existent */
-       for (i = 1, te = dn + 1; *te != '\0'; te++, i++) {
+       (void) urlPath(dn, (const char **)&te);
+       for (i = 1, te++; *te != '\0'; te++, i++) {
            if (*te != '/')
                /*@innercontinue@*/ continue;
     
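Review bot: the return value of urlPath() is discarded and te++ runs unconditionally in the for initializer, so the loop assumes urlPath() left te pointing at a non-empty path. If te ends up at an empty string, te++ steps over the terminator and `*te != '\0'` reads past the end of dn; test `*te` before incrementing. The counter i still starts at 1 although te may no longer equal dn + 1, so if i is used later as an offset into dn the two will disagree for URL-prefixed paths. The cast `(const char **)&te` hides a qualifier mismatch; a separate const char * temporary would be cleaner, and the "Assume '/' directory exists" comment should be updated to cover the URL case.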
Comment 2 Jeff Johnson 2007-04-10 21:47:07 EDT
No additional info == NOTABUG
Comment 3 Red Hat Bugzilla 2007-08-21 01:26:39 EDT
User pnasrat@redhat.com's account has been closed
Comment 4 Panu Matilainen 2007-08-22 02:34:16 EDT
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Comment 5 Panu Matilainen 2007-09-04 02:55:24 EDT
Tested with rpm-4.4.2.2-0.1.fc8.rc1 (which has no selinux/directory handling
related changes over 4.4.2.1) and directories that aren't explicitly owned by
packages get correct context.

Works for me, if it doesn't for you I'll need a reproducer...
