Bug 228557 - LSPP: In labeled ipsec, permissions are checked after deleting the policy
LSPP: In labeled ipsec, permissions are checked after deleting the policy
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Eric Paris
Brian Brock
: OtherQA
Depends On:
Blocks: 234654 RHEL5LSPPCertTracker
  Show dependency treegraph
 
Reported: 2007-02-13 14:36 EST by Joy Latten
Modified: 2010-10-22 08:59 EDT (History)
5 users (show)

See Also:
Fixed In Version: RHBA-2007-0959
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 14:40:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joy Latten 2007-02-13 14:36:17 EST
Description of problem:
In labeled ipsec, we check to see if selinux grants permissions to delete the
policy after the policy has been scheduled to be deleted. We should check
permissions first, and then delete the policy if granted.

How reproducible:
Occurs everytime you delete a labeled ipsec policy.

Steps to Reproduce:
1.Create a labeled ipsec policy.
2.Delete the labeled ipsec policy as someone who should not be able to.
  
Actual results:
Policy is deleted, regardless of permissions.

Expected results:
Policy should be deleted if permissions granted.
Comment 1 Eric Paris 2007-02-19 12:25:05 EST
I will be taking the responcibility for this bug and hopefully will have a patch
today.  There is no fix in LSPP.65
Comment 2 Eric Paris 2007-03-06 16:33:27 EST
Fix is present in LSPP .66 and later.  Pushed upstream 

http://marc.theaimsgroup.com/?l=linux-netdev&m=117312936826591&w=2

will submit after accepted into an upstream tree.
Comment 3 Joy Latten 2007-03-16 18:44:13 EDT
Tested in lspp 68 kernel and works great!
Comment 4 RHEL Product and Program Management 2007-04-17 12:01:56 EDT
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.
Comment 5 Don Zickus 2007-04-23 17:53:44 EDT
in 2.6.18-16.el5
Comment 7 John Poelstra 2007-08-27 14:38:51 EDT
A fix for this issue should have been included in the packages contained in the
RHEL5.1-Snapshot3 on partners.redhat.com.  

Requested action: Please verify that your issue is fixed as soon as possible to
ensure that it is included in this update release.

After you (Red Hat Partner) have verified that this issue has been addressed,
please perform the following:
1) Change the *status* of this bug to VERIFIED.
2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified)

If this issue is not fixed, please add a comment describing the most recent
symptoms of the problem you are having and change the status of the bug to FAILS_QA.

More assistance: If you cannot access bugzilla, please reply with a message to
Issue Tracker and I will change the status for you.  If you need assistance
accessing ftp://partners.redhat.com, please contact your Partner Manager.
Comment 8 Joy Latten 2007-08-28 15:05:58 EDT
Verified that this is fixed.
Comment 10 errata-xmlrpc 2007-11-07 14:40:19 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0959.html

Note You need to log in before you can comment on or make changes to this bug.