Bug 480418 - Confusing SELinux errors caused by pkiremove
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: Installer (pkicreate/pkiremove)
1.0
All Linux
low Severity medium
Assigned To: Matthew Harmsen
Chandrasekar Kannan
Blocks: 443788
Reported: 2009-01-16 17:48 EST by Andrew Wnuk
Modified: 2015-01-05 20:20 EST

Doc Type: Bug Fix
Last Closed: 2009-07-22 19:31:12 EDT


Description Andrew Wnuk 2009-01-16 17:48:16 EST
Description of problem:
  Confusing SELinux errors caused by pkiremove.

Version-Release number of selected component (if applicable):
  RHCS 8.0 on Fedora 8


How reproducible: always

Steps to Reproduce:
1. run "pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca"
  
Actual results:
pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
PKI instance Deletion Utility ...

PKI instance Deletion Utility cleaning up instance ...

You have elected to remove the instance installed in /var/lib/pki-ca.
Are you sure (Y/N)?   y

No security domain defined.  If this is an unconfigured instance, then that is OK.
Otherwise, manually delete the entry from the security domain master.
Removing port 9180 from selinux policy.
/usr/sbin/semanage: Port tcp/9180 is defined in policy, cannot be deleted
Port 9180 not removed from selinux policy correctly.
Removing port 9443 from selinux policy.
/usr/sbin/semanage: Port tcp/9443 is defined in policy, cannot be deleted
Port 9443 not removed from selinux policy correctly.
Removing port 9701 from selinux policy.
/usr/sbin/semanage: Port tcp/9701 is defined in policy, cannot be deleted
Port 9701 not removed from selinux policy correctly.
Removing selinux file contexts. 
/usr/sbin/semanage: File context for /var/log/pki-ca(/.*)? is defined in policy, cannot be deleted
ERROR: Error in setting selinux file context pki_ca_log_t for "/var/log/pki-ca(/.*)?"

/usr/sbin/semanage: File context for /etc/pki-ca(/.*)? is defined in policy, cannot be deleted
ERROR: Error in setting selinux file context pki_ca_etc_rw_t for "/etc/pki-ca(/.*)?"

Stopping pki-ca: ...............................           [  OK  ]

Removing dir /var/lib/pki-ca
Removing dir /etc/pki-ca
Removing dir /var/log/pki-ca
Removing file /var/log/pki-ca-install.log
Removing file /etc/init.d/pki-ca
Removing file /usr/share/applications/pki-ca-config.desktop
Removing file /usr/bin/dtomcat5-pki-ca


Expected results:
Avoid causing SELinux errors.
Comment 1 Ade Lee 2009-02-09 14:36:34 EST
Changes in 480419
mharmsen, please review!
Comment 2 Matthew Harmsen 2009-02-10 13:29:47 EST
attachment (id=331351) +mharmsen (with the following changes)

base/setup/pkiremove:
Change:
print "Port $port not removed from selinux policy because it defined in policy.  This is OK.\n";
To:
print "Port $port not removed from selinux policy because it is defined in policy.  This is OK.\n";

dogtag/setup/pki-setup.spec:
Change:
Bugzilla Bugs #480418, 480418, 479891
To:
Bugzilla Bugs #480418, 480419, 479891
Comment 3 Ade Lee 2009-02-10 13:52:34 EST
Sending        setup/pkicreate
Sending        setup/pkiremove
Transmitting file data ..
Committed revision 217.

Sending        setup/pki-setup.spec
Transmitting file data .
Committed revision 218.
Comment 4 Kashyap Chamarthy 2009-06-13 11:06:10 EDT
Verified on RHEL 5.3. No SELinux errors are thrown when pkiremove is performed.
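
The distinction the fix draws, that a port which "is defined in policy" is not a removal failure, shown as an added shell example that is not pkiremove's own code. The function names, the return-code convention and the overridable SEMANAGE variable are assumptions; the semanage error text and the "This is OK" message are taken from this report.

```shell
# Added example. SEMANAGE can be overridden so the logic can be exercised
# without touching the real policy store (assumption, not a pkiremove option).
SEMANAGE=${SEMANAGE:-/usr/sbin/semanage}

# Remove a local tcp port mapping. Return codes (assumed convention):
#   0 = local mapping removed
#   2 = port is defined in base policy, nothing to remove (benign)
#   1 = invalid input or any other semanage failure (must be reported)
remove_selinux_port() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    # Capture stderr only: semanage prints its diagnostics there.
    if err=$("$SEMANAGE" port -d -p tcp "$port" 2>&1 >/dev/null); then
        echo "Port $port removed from selinux policy."
        return 0
    fi
    case $err in
        *"is defined in policy, cannot be deleted"*)
            # The port comes from the shipped policy module, not a local change.
            echo "Port $port not removed from selinux policy because it is defined in policy.  This is OK."
            return 2 ;;
        *)
            # Anything else is a real failure and keeps its original text.
            echo "Port $port not removed from selinux policy correctly: $err" >&2
            return 1 ;;
    esac
}

# Apply to every port of an instance; fail only when a real error occurred.
remove_instance_ports() {
    failed=0
    for p in "$@"; do
        rc=0
        remove_selinux_port "$p" || rc=$?
        if [ "$rc" -eq 1 ]; then failed=1; fi
    done
    return "$failed"
}
```

A caller would run `remove_instance_ports 9180 9443 9701` and treat only a non-zero result as a removal error.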
