Description of problem:
----------------------
Given the following syntax,

runcon [-t TYPE] COMMAND [args]

runcon is parsing the COMMAND args as if they were passed to itself

Component Version-Release:
-------------------------
kernel: 2.6.18-194.el5
policycoreutils-1.33.12-14.8.el5
coreutils-5.97-23.el5_4.2
policycoreutils-gui-1.33.12-14.8.el5

How reproducible:
----------------
Consistent in RHEL5.5

Steps to Reproduce:
------------------
runcon -t rpm_t ls -r

Actual results:
--------------
runcon: option requires an argument -- r

Expected results:
----------------
the command is executed with the transitioned security context type

Additional info:
---------------
This was tripped over in producing the next RH Cloud Foundations Reference Architecture on Hybrid Clouds and (without a workaround) will prevent us from enforcing SELinux. This works as advertised on Fedora 13 but not on RHEL 5.5.
Thanks for the report, confirmed ... as a workaround you could use runcon -t rpm_t -- <command with options> ...
That works very well, thanks.
Created attachment 442203: don't reorder arguments

This is caused by reordering arguments ... could be fixed by that one-liner patch.
Comment on attachment 442203: don't reorder arguments

Looks good to me.
runcon -t rpm_t -- ls -r

Should work.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This request was erroneously denied for the current release of Red Hat Enterprise Linux. The error has been fixed and this request has been re-proposed for the current release.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Because of internal reordering of arguments, runcon was not able to handle execution of commands with arguments without option separator --. runcon is no longer reordering arguments, thus the issue is resolved. (BZ#628953)

Note: some users were incorrectly using syntax `runcon RUNCONARGS COMMAND -- COMMANDARGS`. This syntax was incorrect, RUNCONARGS (and possible -- separator) must precede the COMMAND.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,3 +1,3 @@ -Because of internal reordering of arguments, runcon was not able to handle execution of commands with arguments without option separator --. runcon is no longer reordering arguments, thus the issue is resolved. (BZ#628953) +Because of internal reordering of arguments, the runcon utility was not able to handle execution of commands with arguments without the option separator "--". With this update, the runcon utility no longer reorders arguments and this bug no longer occurs. -Note: some users were incorrectly using syntax `runcon RUNCONARGS COMMAND -- COMMANDARGS` . This syntax was incorrect, RUNCONARGS (and possible -- separator) must preceed the COMMAND.+Note that syntax "runcon RUNCONARGS COMMAND -- COMMANDARGS" is incorrect; if the option separator is used, it must preceed the COMMAND.
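Review bot: in the added "Note that syntax ..." line, "preceed" should be spelled "precede"; the misspelling is carried over from the removed line. The rewritten first paragraph also drops the "(BZ#628953)" reference that the removed text ended with; keep it if the technical note is meant to stay traceable to this bug.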
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1074.html