2232410 – Installing gcc-toolset-12-binutils results in files with incorrect selinux context.

Bug 2232410 - Installing gcc-toolset-12-binutils results in files with incorrect selinux context.

Summary: Installing gcc-toolset-12-binutils results in files with incorrect selinux co...

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	binutils
Sub Component:
Version:	8.7
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Nick Clifton
QA Contact:	Martin Cermak
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-08-16 17:18 UTC by sgardner
Modified:	2023-08-16 17:20 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description sgardner 2023-08-16 17:18:40 UTC

Description of problem:
When installing the gcc-toolset-11-binutils.  Files within directory "/opt/rh/gcc-toolset-12/root/usr/share/locale/" are created with incorrect context.

The files are expected to get context from gcc-toolset-12-runtime package which has an install script that creates the following selinux rule.
---------------------------------------------------------------------------------
if [ ! -f /opt/rh/gcc-toolset-12/root/etc/selinux-equiv.created ]; then
  /usr/sbin/semanage fcontext -a -e / /opt/rh/gcc-toolset-12/root
  restorecon -R /opt/rh/gcc-toolset-12/root
  touch /opt/rh/gcc-toolset-12/root/etc/selinux-equiv.created
fi
---------------------------------------------------------------------------------

I believe this fails because the context rule is created just before installing these files, and the rule has yet to be written to disk.  This can be avoided by simply installing gcc-toolset-12-runtime first, and then installing gcc-toolset-12-binutils in a separate command.

This is only reproduced when both packages are installed in the same yum command.




Version-Release number of selected component (if applicable):
gcc-toolset-12-binutils-2.38-16.el8.x86_64

NOTE- This is also reproduced on all available version in RHEL8.




How reproducible:
Easily


Steps to Reproduce:
1.# yum remove gcc-toolset-12-runtime
1.# yum install gcc-toolset-12-binutils
2.# restorecon -Rvn /opt/rh/gcc-toolset-12/root/


Actual results:
]# restorecon -Rvn /opt/rh/gcc-toolset-12
Would relabel /opt/rh/gcc-toolset-12/root/usr/lib64/bfd-plugins from system_u:object_r:usr_t:s0 to system_u:object_r:lib_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/bg from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/bg/LC_MESSAGES from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/bg/LC_MESSAGES/binutils.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/bg/LC_MESSAGES/gprof.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/bg/LC_MESSAGES/ld.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/ca from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/ca/LC_MESSAGES from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/ca/LC_MESSAGES/binutils.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/da from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/da/LC_MESSAGES from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/da/LC_MESSAGES/bfd.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/da/LC_MESSAGES/binutils.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/da/LC_MESSAGES/gprof.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/da/LC_MESSAGES/ld.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/da/LC_MESSAGES/opcodes.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/de from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/de/LC_MESSAGES from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/de/LC_MESSAGES/gprof.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/de/LC_MESSAGES/ld.mo from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
Would relabel /opt/rh/gcc-toolset-12/root/usr/share/locale/de/LC_MESSAGES/opcodes.mo from system_u:object_r:usr_t:s0 to system_u:object_r:l





Expected results:
No relabelling required.




Additional info:
My opinion is to simply run restorecon on the offending directory within the postinstall script for package gcc-toolset-12-binutils.

Note You need to log in before you can comment on or make changes to this bug.