Bug 663935 - /etc/sysconfig/*.old files are mislabeled on the livecd
Summary: /etc/sysconfig/*.old files are mislabeled on the livecd
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-firewall
Version: rawhide
Hardware: Unspecified
OS: Unspecified
low
high
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-17 12:39 UTC by Oliver Henshaw
Modified: 2011-03-16 17:04 UTC (History)
1 user (show)

Fixed In Version: livecd-tools-15.5-1.fc15
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-16 17:04:37 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Oliver Henshaw 2010-12-17 12:39:16 UTC
Description of problem:

When I try to configure the firewall with system-config-firewall on the livecd, it fails and I get a traceback as noted in bug #614887. The root cause seems to be that various .old files are mislabeled:

# ll -Z /etc/sysconfig/ip*
-rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/ip6tables
-rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/ip6tables-config
-rw-------. root root unconfined_u:object_r:etc_t:s0   /etc/sysconfig/ip6tables.old
-rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/iptables
-rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/iptables-config
-rw-------. root root unconfined_u:object_r:etc_t:s0   /etc/sysconfig/iptables.old
# ll -Z /etc/sysconfig/system-config-firewall*
-rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/system-config-firewall
-rw-------. root root unconfined_u:object_r:etc_t:s0   /etc/sysconfig/system-config-firewall.old

If I restorecon or rm these .old files before starting system-config-firewall then I can configure the firewall without problem.


I notice that fedora-live-base.ks has the line "firewall --enabled --mdns", perhaps this is responsible for leaving the .old files mislabeled? Or perhaps this is a selinux policy oversight?

I've tested this on a F15 nightly, but I can also reproduce this bug at least as far back as the F13 release spin iso.


Version-Release number of selected component (if applicable):

system-config-firewall-1.2.27-1.fc15.noarch
selinux-policy-3.9.10-12.fc15.noarch

Comment 1 Oliver Henshaw 2011-03-16 16:57:56 UTC
This could be the cause of the abrt-reported crashes at bug #654053.

Comment 2 Oliver Henshaw 2011-03-16 17:04:37 UTC
Appears to be fixed on the kde-x86_64-20110315.01.iso nightly, most probably as a result of the fix for bug #648591.

Bug #614887 (system-config-firewall crash leaves iptables rules in a bad state) remains, however.


Note You need to log in before you can comment on or make changes to this bug.