Description of problem: The package owns /var/lock/iscsi but does not own /var/lib/iscsi. Why? The filesystem on newly installed RHEL-5.3 machine contains /var/lib/iscsi with wrong SELinux label (correct context is recorded in SELinux policy but is not applied in the filesystem until you call restorecon -v /var/lib/iscsi). Version-Release number of selected component (if applicable): RHEL5.3-Server-20081029.0 iscsi-initiator-utils-6.2.0.868-0.11.el5 How reproducible: always Steps to Reproduce: * install new RHEL-5.3 machine (via RHTS) * install iscsi-initiator-utils package # rpm -qf /var/lock/iscsi iscsi-initiator-utils-6.2.0.868-0.11.el5 # rpm -qf /var/lib/iscsi file /var/lib/iscsi is not owned by any package # matchpathcon -V /var/lock/iscsi /var/lock/iscsi verified. # matchpathcon -V /var/lib/iscsi /var/lib/iscsi has context root:object_r:rpm_var_lib_t:s0, should be system_u:object_r:iscsi_var_lib_t:s0 Actual results: Expected results: Additional info:
Is this due to a goof up in the spec? %files ..... %dir /var/lib/iscsi/nodes %dir /var/lib/iscsi/send_targets %dir /var/lib/iscsi/static %dir /var/lib/iscsi/slp %dir /var/lib/iscsi/isns %dir /var/lib/iscsi/ifaces %dir /var/lock/iscsi Is there also supposed to be a %dir /var/lib/iscsi ?
I think that both /var/lock/iscsi and /var/lib/iscsi should be written in %files section.
Adding devel ACK. This seems like it is low risk so I am also setting the 5.3 flag (not sure if I need to set the exception flag too).
(In reply to comment #3) > (not sure if I need to set the exception flag too). Yes, after beta ships the BZ has to have exception or blocker. Otherwise it gets deflagged. I'll set blocker, since we really should not ship it this way.
Checked in iscsi-initiator-utils 6.2.0.868-0.12.el5.
verified in snapshot 6. Installed: iscsi-initiator-utils.i386 0:6.2.0.868-0.17.el5 Complete! [root@localhost ~]# rpm -qf /var/lock/iscsi iscsi-initiator-utils-6.2.0.868-0.17.el5 [root@localhost ~]# rpm -qf /var/lib/iscsi iscsi-initiator-utils-6.2.0.868-0.17.el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0103.html