483387 – mcstransd breaks default file labeling

Bug 483387 - mcstransd breaks default file labeling

Summary: mcstransd breaks default file labeling

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mcstrans
Sub Component:
Version:	10
Hardware:	i686
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-01-31 12:31 UTC by Tobias Hommel
Modified:	2009-06-18 19:47 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-06-18 19:47:02 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Tobias Hommel 2009-01-31 12:31:07 UTC

Description of problem:
If mcstransd is running, all files that are created get labeled with all categories currently available to the creating user.

If mcstransd is not running everything works as expected, except the translations, of course.

If mcstransd is not running, a user logs in, and after this mcstransd is started, it seems everything is working as it should. At least for this user. For other users it's the same problem as stated above.

For the root user it always works. I think this is because root has SystemLow-SystemHigh, so the missing '-' in the translated range seems to be the problem.

Since this breaks the whole concept of MCS, I think this should be fixed in near future.

Version-Release number of selected component (if applicable):
Name       : mcstrans
Arch       : i386
Version    : 0.2.11
Release    : 1.fc10


How reproducible:
always, if mcstransd is started before user logs in

Steps to Reproduce:
1. /sbin/service mcstrans start
2. log into the system (via ssh or local login)
3. touch test.foo
4. ls -Z test.foo
  
Actual results:
[joe@fedora ~]$ touch test.foo
[joe@fedora ~]$ ls -Z test.foo
-rw-rw-r--  joe joe staff_u:object_r:user_home_t:cat0,cat1,cat2 test.foo
[joe@fedora ~]$ 


Expected results:
[joe@fedora ~]$ touch test.foo
[joe@fedora ~]$ ls -Z test.foo
-rw-rw-r--  joe joe staff_u:object_r:user_home_t test.foo
[joe@fedora ~]$ 


Additional info:
id and secon without mcstransd:
[joe@fedora ~]$ id -Z
staff_u:staff_r:staff_t:s0-s0:c0.c2
[joe@fedora ~]$ secon -R
user: staff_u
role: staff_r
type: staff_t
sensitivity: s0
clearance: s0:c0.c2
mls-range: s0-s0:c0.c2
[joe@fedora ~]$ 


id and secon with mcstransd, before user logged in:
[joe@fedora ~]$ id -Z
staff_u:staff_r:staff_t:cat0,cat1,cat2
[joe@fedora ~]$ secon -R
user: staff_u
role: staff_r
type: staff_t
sensitivity: s0:c0.c2
clearance: s0:c0.c2
mls-range: s0:c0.c2
[joe@fedora ~]$ 


id and secon with mcstransd enabled after user logged in:
[joe@fedora ~]$ id -Z
staff_u:staff_r:staff_t:cat0,cat1,cat2
[joe@fedora ~]$ secon -R
user: staff_u
role: staff_r
type: staff_t
sensitivity: s0
clearance: s0:c0.c2
mls-range: s0-s0:c0.c2
[joe@fedora ~]$ 


contents of setrans.conf:
s0=
s0-s0:c0.c1023=SystemLow-SystemHigh
s0:c0=cat0
s0:c0.c1023=SystemHigh
s0:c1=cat1
s0:c2=cat2
s0:c3=cat3
s0:c4=cat4
s0:c5=cat5

Comment 1 Tobias Hommel 2009-06-18 19:47:02 UTC

seems to work with new mcstrans-0.3.1

Note You need to log in before you can comment on or make changes to this bug.