Bug 529448 - qpidd should not require selinux-policy-minimum
Summary: qpidd should not require selinux-policy-minimum
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: qpidc
Version: 12
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Nuno Santos
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-10-16 21:22 UTC by Eric Paris
Modified: 2013-09-12 22:10 UTC (History)
6 users (show)

Fixed In Version: qpid-cpp-0.6.895736-3.fc13
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-04-09 01:34:54 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
qpidd policy package (23.25 KB, application/octet-stream)
2009-10-16 21:55 UTC, Nuno Santos 		no flags Details
View All

Description Eric Paris 2009-10-16 21:22:39 UTC 
rpm -q --requires qpidd
[snip] 
selinux-policy-minimum
[snip]

I don't know why qpidd has a requirement on selinux-policy-minimum but if the requirement is that some selinux policy be installed the proper requires is selinux-policy-base

noone has the selinux-policy-minimum policy installed, it's an almost useless policy which confined basically nothing.
Comment 1 Daniel Walsh 2009-10-16 21:34:57 UTC 
If you want to make sure some policy is installed, you can require selinux-policy-base, which all policies define.
Comment 2 Daniel Walsh 2009-10-16 21:36:14 UTC 
What rules are in qpidd.pp?
Comment 3 Nuno Santos 2009-10-16 21:55:37 UTC 
Created attachment 365096 [details]
qpidd policy package

Dan, I've attached the policy package.
Comment 4 Daniel Walsh 2009-10-16 21:59:30 UTC 
I have seen the pp file but do you have the te and fc file used to create it?
Comment 5 Eric Paris 2009-10-16 23:08:34 UTC 
no idea what their actual module is, but I disassembled the binary:

TE rules:
  allow [ccs_t] [tmpfs_t] : [dir] { search };
  allow [ccs_t] [tmpfs_t] : [file] { ioctl read write getattr lock append };
  allow [ccs_t] [initrc_t] : [sem] { getattr read write associate unix_read unix_write };
  allow [ccs_t] [initrc_t] : [shm] { getattr read write associate unix_read unix_write lock };
  allow [ccs_t] self : [capability] { ipc_owner };

That's pretty much all that's in that .pp file.
Comment 6 Daniel Walsh 2009-10-17 10:46:59 UTC 
OK I can add the first two rules and the last rule to ccs.te, but I will create a new type called ccs_tmpfs_t to prevent ccs_t from accessing random tmpfs_t.

I have no idea what the initrc_t is, it should have policy associated with it.
Comment 7 Bug Zapper 2009-11-16 13:46:08 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 Fedora Update System 2010-04-06 21:47:05 UTC 
qpidc-0.5.829175-4.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/qpidc-0.5.829175-4.fc12
Comment 9 Fedora Update System 2010-04-06 22:18:57 UTC 
qpid-cpp-0.6.895736-3.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/qpid-cpp-0.6.895736-3.fc13
Comment 10 Fedora Update System 2010-04-09 01:34:45 UTC 
qpidc-0.5.829175-4.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2010-04-09 03:51:34 UTC 
qpid-cpp-0.6.895736-3.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.