Bug 238642 - Warning messages for /etc/selinux/targeted/contexts/files/file_contexts and vlc
Warning messages for /etc/selinux/targeted/contexts/files/file_contexts and vlc
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
i386 Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-01 18:54 EDT by Wojciech Pilorz
Modified: 2007-11-30 17:12 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-22 10:13:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Wojciech Pilorz 2007-05-01 18:54:18 EDT
Description of problem:
Error messages from yum during update of selinux-policy-targeted to version
selinux-policy-targeted-2.4.6-62.fc6

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-62.fc6

How reproducible:
yum shell
update

Steps to Reproduce:
1.
2.
3.
  
Actual results:
Yum displayed the following message
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /usr/lib/vlc/codec/libdmo_plugin.so 
(system_u:object_r:textrel_shlib_t:s0 and system_u:object_r:shlib_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /usr/lib/vlc/codec/librealaudio_plugin.so 
(system_u:object_r:textrel_shlib_t:s0 and system_u:object_r:shlib_t:s0).

Both .so files mentioned are from vlc-0.8.6b-1.lvn6

/var/log/messages show

restorecond: Will not restore a file with more than one hard link
(/etc/resolv.conf) Invalid argument

during yum session, as well as during bootup and shutdown

Expected results:
No messages:

Additional info:
Comment 1 Daniel Walsh 2007-05-03 10:26:37 EDT
Did you modify the context to be textrel_shlib_t?  The current policy only
requires these to be shlib_t?
Comment 2 Mace Moneta 2007-05-03 11:07:07 EDT
It looks like the Livna VLC package performs:


$ rpm -q --scripts vlc

postinstall scriptlet (using /bin/sh):
/usr/bin/gtk-update-icon-cache -qf /usr/share/icons/hicolor &>/dev/null || :
/sbin/ldconfig
# Add new labeling rules for libraries requiring text relocation:
/usr/sbin/semanage fcontext -a -t textrel_shlib_t 
/usr/lib/vlc/codec/libdmo_plugin.so
/usr/sbin/semanage fcontext -a -t textrel_shlib_t
/usr/lib/vlc/codec/librealaudio_plugin.so
# Set correct SELinux security contexts:
restorecon /usr/lib/vlc/codec/libdmo_plugin.so
/usr/lib/vlc/codec/librealaudio_plugin.so
postuninstall scriptlet (using /bin/sh):
/usr/bin/gtk-update-icon-cache -qf /usr/share/icons/hicolor &>/dev/null || :
/sbin/ldconfig

Comment 3 Wojciech Pilorz 2007-05-03 11:40:35 EDT
I have not personally changed anything, just
yum shell update
If I run
cd /etc/selinux/; find * -type f | env LANG=C xargs -r grep vlc
I get
targeted/modules/previous/file_contexts.local:/usr/lib/vlc/codec/libdmo_plugin.so
   system_u:object_r:textrel_shlib_t:s0
targeted/modules/previous/file_contexts.local:/usr/lib/vlc/codec/librealaudio_plugin.so
   system_u:object_r:textrel_shlib_t:s0
Binary file targeted/modules/active/base.linked matches
targeted/modules/active/file_contexts.local:/usr/lib/vlc/codec/libdmo_plugin.so
   system_u:object_r:textrel_shlib_t:s0
targeted/modules/active/file_contexts.local:/usr/lib/vlc/codec/librealaudio_plugin.so
   system_u:object_r:textrel_shlib_t:s0
Binary file targeted/modules/active/base.pp matches
targeted/modules/active/file_contexts.template:/usr/lib/vlc/codec/libdmo_plugin.so
     --      system_u:object_r:shlib_t:s0
targeted/modules/active/file_contexts.template:/usr/lib/vlc/codec/librealaudio_plugin.so
       --system_u:object_r:shlib_t:s0
targeted/modules/active/file_contexts:/usr/lib/vlc/codec/libdmo_plugin.so      
--      system_u:object_r:shlib_t:s0
targeted/modules/active/file_contexts:/usr/lib/vlc/codec/librealaudio_plugin.so
--      system_u:object_r:shlib_t:s0
targeted/contexts/files/file_contexts.local:/usr/lib/vlc/codec/libdmo_plugin.so
   system_u:object_r:textrel_shlib_t:s0
targeted/contexts/files/file_contexts.local:/usr/lib/vlc/codec/librealaudio_plugin.so
   system_u:object_r:textrel_shlib_t:s0
targeted/contexts/files/file_contexts:/usr/lib/vlc/codec/libdmo_plugin.so      
--      system_u:object_r:shlib_t:s0
targeted/contexts/files/file_contexts:/usr/lib/vlc/codec/librealaudio_plugin.so
--      system_u:object_r:shlib_t:s0

Wojtek
Comment 4 Daniel Walsh 2007-05-04 09:03:23 EDT
I have fixed the default context for these files to be textrel_shlib_t to match
what the distributer wants.  It would have been better if they had contacted me
or fixed their libraries.  But selinux-policy-2.4.6-69 will have the correct
context and should prevent this in the future.
Comment 5 David 2007-05-09 06:03:13 EDT
dwalsh,

Thanks for the update and fix, but its approaching a week and I have not seen an
updated selinux policy toi kill the bug, any idea's when it will be released?
Comment 6 Daniel Walsh 2007-05-14 14:57:55 EDT
It will go to test release today.  Sorry I was at the Red Hat Summit all last week.
Comment 7 Wojciech Pilorz 2007-05-17 16:53:11 EDT
I have installed selinux-policy-targeted-2.4.6-69.fc6 from updates-testing.
Now it is more quiet, when booting the system is says:

/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specification
s for /usr/lib/vlc/codec/libdmo_plugin.so.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications
for /usr/lib/vlc/codec/librealaudio_plugin.so.

at least two times.
The plugins mentioned are from vlc-0.8.6b-1.lvn6.i386.
I am wondering if something could be done to quiet the messages?
Comment 8 Daniel Walsh 2007-05-18 08:51:30 EDT
Yes now you will have to remove the lines added by the vendor to stop the messages

Something like 
semanage fcontext -d /usr/lib/vlc/codec/libdmo_plugin.so
Comment 9 Daniel Walsh 2007-08-22 10:13:11 EDT
Fixed in current release

Note You need to log in before you can comment on or make changes to this bug.