Bug 480419 - Confusing SELinux errors caused by installation of pki-ca
Confusing SELinux errors caused by installation of pki-ca
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: Installer (pkicreate/pkiremove) (Show other bugs)
1.0
All Linux
low Severity medium
: ---
: ---
Assigned To: Matthew Harmsen
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-01-16 17:52 EST by Andrew Wnuk
Modified: 2015-01-05 20:16 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:31:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix (4.80 KB, patch)
2009-02-09 14:48 EST, Ade Lee
no flags Details | Diff

  None (edit)
Description Andrew Wnuk 2009-01-16 17:52:40 EST
Description of problem:
Confusing SELinux errors caused by installation of pki-ca.

Version-Release number of selected component (if applicable):
RHCS 8.0 on Fedora 8

How reproducible: always


Steps to Reproduce:
1. run "rpm -ivh pki-ca-1.0.0-nn.fc8.noarch.rpm"
  
Actual results:
rpm -ivh pki-ca-1.0.0-19.fc8.noarch.rpm
Preparing...                ########################################### [100%]
   1:pki-ca                 ########################################### [100%]
PKI instance creation Utility ...

/usr/sbin/semanage: File context for /var/log/pki-ca(/.*)? already defined
Error in setting selinux file context pki_ca_log_t for "/var/log/pki-ca(/.*)?"

/usr/sbin/semanage: File context for /etc/pki-ca(/.*)? already defined
Error in setting selinux file context pki_ca_etc_rw_t for "/etc/pki-ca(/.*)?"


PKI instance creation completed ...

Starting pki-ca:          [  OK  ]

PKI service(s) are available at https://a-f8.sjc.redhat.com:9443

Server can be operated with /etc/init.d/pki-ca start | stop | restart

Please start the configuration by accessing:
http://a-f8.sjc.redhat.com:9180/ca/admin/console/config/login?pin=2nN082KndaLg9Zac6YPH

Before proceeding with the configuration, make sure 
the firewall settings of this machine permit proper 
access to this subsystem. 

Install finished.


Expected results:
Avoid causing SELinux errors.
Comment 1 Kashyap Chamarthy 2009-01-30 08:13:36 EST
I noticed similar selinux errors for other subsystems like RA, TKS and TPS also.

@ cfu: As I have not created this bug, I think, I don't have the *edit* right for the bug summary field.
Comment 2 Ade Lee 2009-02-09 14:48:42 EST
Created attachment 331351 [details]
patch to fix

Patch for 480418, 480419, 489881

mharmsen, please review
Comment 3 Matthew Harmsen 2009-02-10 13:29:39 EST
attachment (id=331351) +mharmsen (with the following changes)

base/setup/pkiremove:
Change:
print "Port $port not removed from selinux policy because it defined in policy.  This is OK.\n";
To:
print "Port $port not removed from selinux policy because it is defined in policy.  This is OK.\n";

dogtag/setup/pki-setup.spec:
Change:
Bugzilla Bugs #480418, 480418, 479891
To:
Bugzilla Bugs #480418, 480419, 479891
Comment 4 Ade Lee 2009-02-10 13:53:34 EST
Sending        setup/pkicreate
Sending        setup/pkiremove
Transmitting file data ..
Committed revision 217.

Sending        setup/pki-setup.spec
Transmitting file data .
Committed revision 218.
Comment 5 Kashyap Chamarthy 2009-06-02 07:35:25 EDT
VVerified(with June 1 2009 build). Installation goes smoothly, without any Selinux errors.

Note You need to log in before you can comment on or make changes to this bug.