Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 628953

Summary: runcon chokes on arguments belonging to passed parameters
Product: Red Hat Enterprise Linux 5 Reporter: Tim Wilkinson <twilkins>
Component: coreutilsAssignee: Ondrej Vasik <ovasik>
Status: CLOSED ERRATA QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: medium    
Version: 5.5CC: asersen, azelinka, dwalsh, perfbz, sreichar, tcapek
Target Milestone: rcKeywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: coreutils-5.97-28.el5 Doc Type: Bug Fix
Doc Text:
Because of internal reordering of arguments, the runcon utility was not able to handle execution of commands with arguments without the option separator "--". With this update, the runcon utility no longer reorders arguments and this bug no longer occurs. Note that syntax "runcon RUNCONARGS COMMAND -- COMMANDARGS" is incorrect; if the option separator is used, it must preceed the COMMAND.
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-21 10:36:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 711765    
Attachments:
Description Flags
don't reorder arguments kdudka: review+

Description Tim Wilkinson 2010-08-31 14:02:34 UTC
Description of problem:
----------------------
Given the following synatx,

   runcon [-t TYPE] COMMAND [args]

runcon is parsing the COMMAND args as if they were passed to itself



Component Version-Release:
-------------------------
kernel: 2.6.18-194.el5

policycoreutils-1.33.12-14.8.el5
coreutils-5.97-23.el5_4.2
policycoreutils-gui-1.33.12-14.8.el5



How reproducible:
----------------
Consistent in RHEL5.5



Steps to Reproduce:
------------------
runcon -t rpm_t ls -r



Actual results:
--------------
runcon: option requires an argument -- r



Expected results:
----------------
the command is executed with the transitioned security context type



Additional info:
---------------
This was tripped over in producing the next RH Cloud Foundations Reference Architecture on Hybrid Clouds and (without a workaround) will prevent us from enforcing SELinux.

This works as advertised on Fedora 13 but not on RHEL 5.5.

Comment 1 Ondrej Vasik 2010-08-31 14:24:05 UTC
Thanks for report, confirmed ... as workaround you could use runcon -t rpm_t -- <commmand with options> ...

Comment 2 Tim Wilkinson 2010-08-31 14:30:48 UTC
That works very well, thanks.

Comment 3 Ondrej Vasik 2010-08-31 14:40:44 UTC
Created attachment 442203 [details]
don't reorder arguments

This is caused by reordering arguments ... could be fixed by that oneliner patch.

Comment 4 Kamil Dudka 2010-08-31 14:55:12 UTC
Comment on attachment 442203 [details]
don't reorder arguments

Looks good to me.

Comment 5 Daniel Walsh 2010-08-31 15:13:25 UTC
runcon -t rpm_t -- ls -r

Should work.

Comment 7 RHEL Program Management 2011-01-11 20:14:35 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 8 RHEL Program Management 2011-01-11 22:23:43 UTC
This request was erroneously denied for the current release of
Red Hat Enterprise Linux.  The error has been fixed and this
request has been re-proposed for the current release.

Comment 15 Ondrej Vasik 2011-06-08 13:32:53 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Because of internal reordering of arguments, runcon was not able to handle execution of commands with arguments without option separator --. runcon is no longer reordering arguments, thus the issue is resolved. (BZ#628953)

Note: some users were incorrectly using syntax `runcon RUNCONARGS COMMAND -- COMMANDARGS` . This syntax was incorrect, RUNCONARGS (and possible -- separator) must preceed the COMMAND.

Comment 16 Tomas Capek 2011-06-10 07:43:36 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,3 +1,3 @@
-Because of internal reordering of arguments, runcon was not able to handle execution of commands with arguments without option separator --. runcon is no longer reordering arguments, thus the issue is resolved. (BZ#628953)
+Because of internal reordering of arguments, the runcon utility was not able to handle execution of commands with arguments without the option separator "--". With this update, the runcon utility no longer reorders arguments and this bug no longer occurs. 
 
-Note: some users were incorrectly using syntax `runcon RUNCONARGS COMMAND -- COMMANDARGS` . This syntax was incorrect, RUNCONARGS (and possible -- separator) must preceed the COMMAND.+Note that syntax "runcon RUNCONARGS COMMAND -- COMMANDARGS" is incorrect; if the option separator is used, it must preceed the COMMAND.

Comment 17 errata-xmlrpc 2011-07-21 10:36:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1074.html

Comment 18 errata-xmlrpc 2011-07-21 12:18:36 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1074.html