Description of problem: I noticed aide no longer transitioned and that it was labeled sbin_t. semanage fcontext --list | grep aide showed a leading 'l' for its regex. Version-Release number of selected component (if applicable): selinux-policy-mls-2.4.6-57.el5 How reproducible: Install the LSPP evaluated configuration and ls -Z /usr/bin/aide. Also, running aide will complain on s few files. Steps to Reproduce: 1. Install the LSPP evaluated configuration. 2. aide_run( domain , role , terminal ) 3. semanage fcontext --list | grep aide 4. look for a leading 'l' on the aide binary regex. Actual results: aide is mislabeled and does not transition. Expected results: aide should get the correct label and transition.
Created attachment 152630 [details] Patch to remove leading l from aide fc regex
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Fixed in selinux-policy-2.4.6-58
I verified this is fixed in 58.
Verified good. Removing tracker. Thanks.
A fix for this issue has been included in the packages contained in the beta (RHN channel) or most recent snapshot (partners.redhat.com) for RHEL5.1. Please verify that your issue is fixed. After you (Red Hat Partner) have verified that this issue has been addressed, please perform the following: 1) Change the *status* of this bug to VERIFIED. 2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified) If this issue is not fixed, please add a comment describing the most recent symptoms of the problem you are having and change the status of the bug to ASSIGNED.
A fix for this issue should have been included in the packages contained in the most recent snapshot (partners.redhat.com) for RHEL5.1. Requested action: Please verify that your issue is fixed as soon as possible to ensure that it is included in this update release. After you (Red Hat Partner) have verified that this issue has been addressed, please perform the following: 1) Change the *status* of this bug to VERIFIED. 2) Add *keyword* of PartnerVerified (leaving the existing keywords unmodified) If this issue is not fixed, please add a comment describing the most recent symptoms of the problem you are having and change the status of the bug to FAILS_QA. More assistance: If you cannot access bugzilla, please reply with a message to Issue Tracker and I will change the status for you. If you need assistance accessing ftp://partners.redhat.com, please contact your Partner Manager.
Verified in RHEL 5.1 Snap 3 on ppc64.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0544.html