Bug 625830 - /etc/ntp.conf deployed via Satellite configuration channels clobbers SELinux information
Summary: /etc/ntp.conf deployed via Satellite configuration channels clobbers SELinux ...
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Configuration Management (Show other bugs)
(Show other bugs)
Version: 530
Hardware: All Linux
low
medium
Target Milestone: ---
Assignee: Tomas Lestach
QA Contact: Martin Minar
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: sat540-cfg-selinux
TreeView+ depends on / blocked
 
Reported: 2010-08-20 14:59 UTC by Dave Kline
Modified: 2016-07-04 00:55 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-28 14:55:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Dave Kline 2010-08-20 14:59:12 UTC
Description of problem:

/etc/ntp.conf deployed via Satellite configuration channels changes the SELinux context information:

[root@satclient ~]# ls -lZ /etc/ntp.conf 
-rw-r--r--  root root system_u:object_r:net_conf_t     /etc/ntp.conf
[root@satclient ~]# rhncfg-client get
Deploying /etc/ntp.conf
[root@satclient ~]# ls -lZ /etc/ntp.conf 
-rw-r--r--  root root root:object_r:etc_t              /etc/ntp.conf

Version-Release number of selected component (if applicable):

Fully updated Satellite 5.3 and RHEL 5.5 client.

How reproducible:
Deploy a file via configuration channel.

Steps to Reproduce:
1. Enable SELinux on Satellite client
2. Create and deploy configuration files
3. Confirm with ls -lZ on client
  
Actual results:

-rw-r--r--  root root root:object_r:etc_t              /etc/ntp.conf

Expected results:

-rw-r--r--  root root system_u:object_r:net_conf_t     /etc/ntp.conf


Additional info:

A customer will be using Satellite to manage ntp.conf with SELinux enabled.

Comment 1 Clifford Perry 2010-08-30 18:19:22 UTC
Satellite 5.4 configuration management will allow for end users to define SELinux context of config files being managed and deployed. 

Cliff

Comment 2 Tomas Lestach 2010-09-10 09:05:13 UTC
Configuration files have an additional property - selinux context.
I verified entered selinux context will be set for a file, when deploying config files.

Comment 4 Šimon Lukašík 2010-10-27 12:23:15 UTC
Verified in stage against Satellite-5.4.0-RHEL5-re20101025.0.

- Verified that configuration files are deployed with entered selinux context.
- And when selinux context property is omitted, deployed configuration
files selinux context is the same as before the deployment.

With client packages from stage:
rhncfg-client-5.9.27-1.el5sat
rhncfg-management-5.9.27-1.el5sat
rhncfg-actions-5.9.27-1.el5sat
rhncfg-5.9.27-1.el5sat

Comment 5 Clifford Perry 2010-10-28 14:50:19 UTC
The 5.4.0 RHN Satellite and RHN Proxy release has occurred. This issue has been resolved with this release. 


RHEA-2010:0801 - RHN Satellite Server 5.4.0 Upgrade
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10332

RHEA-2010:0803 - RHN Tools enhancement update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10333

RHEA-2010:0802 - RHN Proxy Server 5.4.0 bug fix update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10334

RHEA-2010:0800 - RHN Satellite Server 5.4.0
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10335

Docs are available:

http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html 

Regards,
Clifford


Note You need to log in before you can comment on or make changes to this bug.