Bug 480266 - "semanage translation -a | -d" changes setrans.conf mode
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 10
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-01-15 22:25 EST by Murray McAllister
Modified: 2015-01-04 17:35 EST
Doc Type: Bug Fix
Last Closed: 2009-04-13 11:21:19 EDT
Description Murray McAllister 2009-01-15 22:25:39 EST
Description of problem:
Fix for bug #460971 appears incomplete. Denials no longer occur, but the mode of "/etc/selinux/targeted/setrans.conf" is still changed to 600.


Version-Release number of selected component (if applicable):
policycoreutils-2.0.57-14.fc10.i386
selinux-policy-3.5.13-38.fc10.noarch
selinux-policy-targeted-3.5.13-38.fc10.noarch


How reproducible:
Always.

Steps to Reproduce:
Adding:
$ ls -l /etc/selinux/targeted/setrans.conf 
-rw-r--r-- 1 root root 598 2009-01-16 13:17 /etc/selinux/targeted/setrans.conf
$ sudo semanage translation -a -T Secret s0:c1
$ ls -l /etc/selinux/targeted/setrans.conf 
-rw------- 1 root root 611 2009-01-16 13:17 /etc/selinux/targeted/setrans.conf

Deleting:
$ sudo chmod 644 /etc/selinux/targeted/setrans.conf
$ sudo semanage translation -d s0:c1
$ ls -l /etc/selinux/targeted/setrans.conf 
-rw------- 1 root root 598 2009-01-16 13:19 /etc/selinux/targeted/setrans.conf


Additional info:
"strace semanage translation -a -T Secret s0:c1" contains at the end:

open("/etc/selinux/targeted/setrans.confkcqVEp", O_RDWR|O_CREAT|O_EXCL|O_LARGEFILE|O_NOFOLLOW, 0600) = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
write(3, "#\n# Multi-Category Security trans"..., 611) = 611
close(3)                                = 0
rename("/etc/selinux/targeted/setrans.confkcqVEp", "/etc/selinux/targeted/setrans.conf") = 0

This is all I could find that would change the mode to 600. Is this expected behavior?
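
Added example (not part of the original report, and not the policycoreutils fix): the traced sequence above, a 0600 temp file renamed over the target, reproduced in Python beside one way to carry the original permission bits across the replace. The function names, the default mode and the sample file contents are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def _mkstemp_beside(path):
    # Same directory as the target so rename() stays on one filesystem.
    # mkstemp always creates the file with mode 0600, as in the strace.
    return tempfile.mkstemp(prefix=os.path.basename(path),
                            dir=os.path.dirname(path))


def replace_naive(path, data):
    """Traced behaviour: write a 0600 temp file, rename it over the target."""
    fd, tmp = _mkstemp_beside(path)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.rename(tmp, path)  # target now carries the temp file's 0600 mode


def replace_preserving_mode(path, data, default_mode=0o644):
    """Same atomic replace, but copy the old permission bits onto the temp file."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        mode = default_mode  # assumption: a new file should be world-readable
    fd, tmp = _mkstemp_beside(path)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fchmod(f.fileno(), mode)  # set mode before the file becomes visible
            os.fsync(f.fileno())
        os.rename(tmp, path)
    except BaseException:
        os.unlink(tmp)  # never leave a stray temp file next to the config
        raise


def demo():
    """Run both variants on a constructed stand-in for setrans.conf."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "setrans.conf")
        replace_preserving_mode(path, b"s0:c0=Original\n")  # created 0644
        replace_naive(path, b"s0:c1=Secret\n")
        naive = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, 0o644)
        replace_preserving_mode(path, b"s0:c1=Secret\n")
        return naive, stat.S_IMODE(os.stat(path).st_mode)
```

`demo()` returns the mode left by each variant: 0600 after the naive replace, 0644 after the mode-preserving one.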
Comment 1 Daniel Walsh 2009-04-13 11:21:19 EDT
Fixed in policycoreutils-2.0.62-9.fc11
