577403 – fetch-crl doesn't preserve file contexts

Bug 577403 - fetch-crl doesn't preserve file contexts

Summary: fetch-crl doesn't preserve file contexts

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	fetch-crl
Sub Component:
Version:	el5
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Steve Traylen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-03-26 21:09 UTC by Wart
Modified:	2010-04-15 23:49 UTC (History)
CC List:	2 users (show)
Fixed In Version:	fetch-crl-2.8.4-1.el4
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-04-09 01:39:35 UTC
Type:	---
Embargoed:

Attachments	(Terms of Use)
Preseve selinux contexts on crl files (410 bytes, application/octet-stream) 2010-03-26 21:09 UTC, Wart	no flags	Details
View All

Description Wart 2010-03-26 21:09:04 UTC

Created attachment 402953 [details]
Preseve selinux contexts on crl files

Description of problem:
custom file contexts are not preserved after running fetch-crl.  While it is not common to set specific file contexts on CRLs, it would still be nice to preserve any that have been set.

Version-Release number of selected component (if applicable):
2.8.2-1.el5

How reproducible:
Always

Steps to Reproduce:
1. Set the standard context for certificates: semanage fcontext -a -t cert_t "/etc/grid-security(/.*)?"
2. run fetch-crl
3. ls -lZ /etc/grid-security/certificates/
  
Actual results:
File contexts show up as system_u:object_r:tmp_t:
-rw-r--r--  root root user_u:object_r:tmp_t            /etc/grid-security/certificates/0a2bac92.r0
-rw-r--r--  root root user_u:object_r:tmp_t            /etc/grid-security/certificates/1149214e.r0
-rw-r--r--  root root user_u:object_r:tmp_t            /etc/grid-security/certificates/11b4a5a2.r0


Expected results:
File contexts should show up as system_u:object_r:cert_t:
-rw-r--r--  root root system_u:object_r:cert_t         /etc/grid-security/certificates/09ff08b7.r0
-rw-r--r--  root root system_u:object_r:cert_t         /etc/grid-security/certificates/0a12b607.r0
-rw-r--r--  root root system_u:object_r:cert_t         /etc/grid-security/certificates/0a2bac92.r0


Additional info:
The attached patch was made against fetch-crl 2.6.6, but will also apply against 2.8.2.

Comment 1 Fedora Update System 2010-03-27 10:02:42 UTC

fetch-crl-2.8.2-2.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-2.el4

Comment 2 Fedora Update System 2010-03-27 10:03:31 UTC

fetch-crl-2.8.2-2.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-2.el5

Comment 3 Fedora Update System 2010-03-27 10:04:02 UTC

fetch-crl-2.8.2-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-2.fc11

Comment 4 Fedora Update System 2010-03-27 10:04:33 UTC

fetch-crl-2.8.2-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-2.fc12

Comment 5 Fedora Update System 2010-03-27 10:05:04 UTC

fetch-crl-2.8.2-2.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.2-2.fc13

Comment 6 Steve Traylen 2010-03-27 19:13:12 UTC

The patch will need changing upstream but Fedora/EPEL it'sjust fine.
Thanks.
Steve.

Comment 7 Fedora Update System 2010-03-28 17:44:48 UTC

fetch-crl-2.8.3-1.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.el4

Comment 8 Fedora Update System 2010-03-28 17:45:36 UTC

fetch-crl-2.8.3-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.el5

Comment 9 Fedora Update System 2010-03-28 17:46:15 UTC

fetch-crl-2.8.3-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.fc11

Comment 10 Fedora Update System 2010-03-28 17:46:50 UTC

fetch-crl-2.8.3-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.fc12

Comment 11 Fedora Update System 2010-03-28 17:47:25 UTC

fetch-crl-2.8.3-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.fc13

Comment 12 Fedora Update System 2010-03-30 02:15:07 UTC

fetch-crl-2.8.3-1.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fetch-crl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.fc12

Comment 13 Fedora Update System 2010-03-30 02:26:05 UTC

fetch-crl-2.8.3-1.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fetch-crl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.fc11

Comment 14 Fedora Update System 2010-04-01 19:30:12 UTC

fetch-crl-2.8.3-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fetch-crl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.fc13

Comment 15 Fedora Update System 2010-04-01 21:02:20 UTC

fetch-crl-2.8.3-1.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fetch-crl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.el4

Comment 16 Fedora Update System 2010-04-01 21:03:17 UTC

fetch-crl-2.8.3-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fetch-crl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.3-1.el5

Comment 17 Fedora Update System 2010-04-06 19:55:27 UTC

fetch-crl-2.8.4-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fetch-crl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.4-1.fc13

Comment 18 Fedora Update System 2010-04-07 22:16:05 UTC

fetch-crl-2.8.4-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fetch-crl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.4-1.el5

Comment 19 Fedora Update System 2010-04-07 22:18:30 UTC

fetch-crl-2.8.4-1.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update fetch-crl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/fetch-crl-2.8.4-1.el4

Comment 20 Fedora Update System 2010-04-09 01:39:23 UTC

fetch-crl-2.8.4-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 21 Fedora Update System 2010-04-09 01:42:26 UTC

fetch-crl-2.8.4-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2010-04-09 03:48:37 UTC

fetch-crl-2.8.4-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Fedora Update System 2010-04-15 23:48:08 UTC

fetch-crl-2.8.4-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 24 Fedora Update System 2010-04-15 23:48:50 UTC

fetch-crl-2.8.4-1.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.