Bug 214605 - Add some SE Linux specific checks
Product: Fedora
Classification: Fedora
Component: rpmlint
All Linux
medium Severity medium
Assigned To: Ville Skyttä
Fedora Extras Quality Assurance
Keywords: MoveUpstream, Patch
Reported: 2006-11-08 11:49 EST by Steve Grubb
Modified: 2007-11-30 17:11 EST

Fixed In Version: 0.79-1
Doc Type: Bug Fix
Last Closed: 2007-02-02 11:07:45 EST

Attachments
Patch addressing the issues listed above (1.24 KB, patch)
2006-11-08 11:49 EST, Steve Grubb
Description Steve Grubb 2006-11-08 11:49:02 EST
Description of problem:
rpmlint does not know about some SE Linux related problems that could exist in
scriptlets. For example, using chcon and runcon requires knowing a policy type -
which could change on a policy upgrade and completely break the scriptlet. I
will attach a patch that detects encoded policy knowledge in scriptlets.

Version-Release number of selected component (if applicable):
Comment 1 Steve Grubb 2006-11-08 11:49:02 EST
Created attachment 140668
Patch addressing the issues listed above
Comment 2 Ville Skyttä 2006-11-08 13:37:32 EST
Thanks.  Could you submit a message that would be displayed when rpmlint is run
with -i/-I?  Ideally, the message should describe what's wrong and what to do
about it.  I'm thinking about something like this, but I'm not knowledgeable
enough about SELinux to write the "what to do about it" part:

  A command which may require intimate knowledge about specific SELinux
  policy types which are subject to change in future policies was found
  in the scriptlet. [Fill here what the packager should do about it.]
Comment 3 Steve Grubb 2006-11-08 13:49:00 EST
Sure, here's the text slightly modified from above:

  A command which requires intimate knowledge about a specific SELinux
  policy type was found in the scriptlet. These types are subject to change
  on a policy version upgrade. The packager should use the restorecon
  command which queries the currently loaded policy for the correct type.
Comment 4 Ville Skyttä 2006-11-08 14:33:09 EST
Applied upstream with further minor tweaks as
http://rpmlint.zarb.org/cgi-bin/trac.cgi/changeset/1293, will be in the next
rpmlint release.  Thanks!
Comment 5 Ville Skyttä 2007-02-02 11:07:45 EST
Done in upcoming 0.79-1.
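
The check requested in this bug, sketched as an added example (it is not the attached patch and not rpmlint's code): it flags chcon and runcon only where they appear as a command in a scriptlet, ignoring comments, quoted strings and arguments. The names `find_policy_commands`, `shell_tokens` and the sample scriptlets are hypothetical; Python 3.8+ is assumed.

```python
import shlex

# Commands named in the report: both take an explicit SELinux policy type.
POLICY_COMMANDS = {"chcon", "runcon"}
# Shell words after which the next token is again a command name.
COMMAND_STARTERS = {"if", "then", "do", "else", "elif", "while", "until", "!", "{"}

def shell_tokens(line):
    """Split one scriptlet line into words and operators, dropping comments."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        return list(lexer)
    except ValueError:
        # Unbalanced quote or trailing backslash (multi-line construct).
        return line.split()

def find_policy_commands(scriptlets):
    """Return (scriptlet, line_no, command) for each chcon/runcon invocation.

    scriptlets maps a scriptlet name to its shell text.
    """
    findings = []
    for name, body in scriptlets.items():
        for line_no, line in enumerate(body.splitlines(), 1):
            prev = None
            for tok in shell_tokens(line):
                after_op = prev is not None and prev != "" and set(prev) <= set("();|&")
                in_cmd_pos = prev is None or after_op or prev in COMMAND_STARTERS
                base = tok.rsplit("/", 1)[-1]  # /usr/bin/chcon -> chcon
                if in_cmd_pos and base in POLICY_COMMANDS:
                    findings.append((name, line_no, base))
                prev = tok
    return findings

# Constructed sample scriptlets (not taken from any real package).
SAMPLE = {
    "%post": (
        "# chcon is only mentioned in this comment\n"
        "if [ -x /usr/bin/chcon ]; then\n"
        "    /usr/bin/chcon -t httpd_sys_content_t /var/www/app || :\n"
        "fi\n"
        "echo 'do not run chcon; use restorecon'\n"
        "/sbin/restorecon -R /var/www/app\n"
    ),
    "%preun": "/sbin/service appd stop >/dev/null 2>&1; runcon -t initrc_t /bin/true\n",
}

if __name__ == "__main__":
    for name, line_no, cmd in find_policy_commands(SAMPLE):
        print(f"{name} line {line_no}: {cmd} hard-codes a policy type; prefer restorecon")
```
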
