Bug 676317 - rhncfg-manager unable to upload file without SELinux context
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Configuration Management
Version: 540
Hardware: All
OS: All
unspecified
medium
Target Milestone: ---
Assignee: Milan Zázrivec
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Duplicates: 676639 676645
Depends On:
Blocks: sat54-errata
 
Reported: 2011-02-09 14:20 UTC by Lee Yarwood
Modified: 2018-11-14 14:50 UTC (History)

Fixed In Version: rhncfg-5.9.27-14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-07 09:23:00 UTC
Target Upstream Version:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 688461 | 0 | medium | CLOSED | Error when using the web UI to compare the differences between a file revision when SELinux is disabled in RHEL6 | 2021-02-22 00:41:40 UTC
Red Hat Product Errata | RHBA-2011:0323 | 0 | normal | SHIPPED_LIVE | RHN Tools bug fix and enhancement update | 2011-03-07 09:22:47 UTC

Internal Links: 688461

Description Lee Yarwood 2011-02-09 14:20:28 UTC
Description of problem:
rhncfg-manager unable to upload file without SELinux context

Version-Release number of selected component (if applicable):

rhncfg-5.9.27-1.el6sat.noarch
# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.0 (Santiago)


How reproducible:
Always

Steps to Reproduce:

- Create a file without a SELinux context

# touch testfile
# ls -lZ testfile 
-rw-r--r-- root root ?                                testfile

- Attempt to upload this to your Satellite

# rhncfg-manager add -c prod-rhel6 testfile 
2011-02-09 13:46:15 rpc_repository.__init__: 
2011-02-09 13:46:15 repository.__init__: server url https://satellite.gsslab.fab.redhat.com/CONFIG-MANAGEMENT-TOOL
2011-02-09 13:46:15 repository.__init__: ca cert /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Red Hat Network username: labuser
Password: 
2011-02-09 13:46:21 rpc_repository.assert_repo_health: 
2011-02-09 13:46:21 rhncfg_add.run: 
2011-02-09 13:46:21 rpc_repository.config_channel_exists: prod-rhel6
2011-02-09 13:46:21 rpc_repository.list_config_channels: 
Pushing to channel prod-rhel6:
2011-02-09 13:46:21 rpc_repository.put_file: 
2011-02-09 13:46:21 rpc_repository._get_default_delimiters: 
Traceback (most recent call last):
  File "/usr/bin/rhncfg-manager", line 46, in <module>
    sys.exit(Main().main() or 0)
  File "/usr/share/rhn/config_common/rhn_main.py", line 187, in main
    handler.run()
  File "/usr/share/rhn/config_management/rhncfg_add.py", line 111, in run
    delim_end=delim_end)
  File "/usr/share/rhn/config_management/rpc_repository.py", line 140, in put_file
    delim_start=delim_start, delim_end=delim_end)
  File "/usr/share/rhn/config_common/repository.py", line 189, in _make_file_info
    params.update(self._make_stat_info(local_path, file_stat))
  File "/usr/share/rhn/config_common/repository.py", line 135, in _make_stat_info
    ret['selinux_ctx'] = lgetfilecon(path)[1]
OSError: [Errno 61] No data available

- To work around this, add a context to the file

# chcon system_u:object_r:admin_home_t:s0 testfile 

- Attempt to upload the file again 

# rhncfg-manager add -c prod-rhel6 testfile 
[..]
Local file testfile -> remote file /root/testfile

  
Actual results:

Unable to upload files to Satellite without a SELinux context

Expected results:

Either add a requirement for files to have a SELinux context, check if SELinux is enabled or catch the exception.

Additional info:

Code snippet from /usr/share/rhn/config_common/file_utils.py

    def diff(self, file_struct):
        self._validate_struct(file_struct)

        temp_file, temp_dirs = self.process(file_struct)
        path = file_struct['path']
        sectx_result = ''
        result = ''

        cur_sectx = lgetfilecon(path)[1]
        if cur_sectx == None:
            cur_sectx = ''
        if file_struct.has_key('selinux_ctx') and file_struct['selinux_ctx']:
            if cur_sectx != file_struct['selinux_ctx']:
                sectx_result = "SELinux contexts differ:  actual: [%s], expected: [%s]\n" % (cur_sectx, file_struct['selinux_ctx'])

I'll leave it up to engineering to decide how they'd like to avoid the error.

>>> from selinux import is_selinux_enabled
>>> is_selinux_enabled()
0

or 

>>> from selinux import lgetfilecon
>>> try:
...     lgetfilecon('/root/testfile')
... except OSError, e :
...     pass
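
Added example, not part of the original report and not the fix that shipped in rhncfg-5.9.27-14: one way to guard the lgetfilecon call so that an unlabeled file yields an empty context while other OSErrors still surface instead of being swallowed. The function name, the getter parameter and the fake getters are assumptions made for illustration, and the sample inputs are constructed.

```python
import errno

try:
    # libselinux Python bindings; missing on hosts without SELinux tooling
    from selinux import lgetfilecon as _lgetfilecon
except ImportError:
    _lgetfilecon = None

# errno values meaning "no label on this file", as opposed to a real failure
NO_LABEL_ERRNOS = (errno.ENODATA, errno.ENOTSUP)


def selinux_ctx_or_empty(path, getter=_lgetfilecon):
    """Return the SELinux context of path, or '' when the file has none.

    getter is a hypothetical injection point (default: selinux.lgetfilecon)
    so the logic can be run on a machine without the bindings.
    """
    if getter is None:
        return ''
    try:
        ctx = getter(path)[1]
    except OSError as e:
        if e.errno in NO_LABEL_ERRNOS:
            return ''  # unlabeled file: the "[Errno 61] No data available" case
        raise  # EACCES, ENOENT and the like are real errors; keep them visible
    return ctx or ''


# Constructed stand-ins for lgetfilecon, mirroring its [rc, context] return
def fake_unlabeled(path):
    raise OSError(errno.ENODATA, "No data available")


def fake_labeled(path):
    return [0, "system_u:object_r:admin_home_t:s0"]  # rc value is arbitrary


def fake_denied(path):
    raise OSError(errno.EACCES, "Permission denied")


if __name__ == "__main__":
    for g in (fake_unlabeled, fake_labeled):
        print(g.__name__, repr(selinux_ctx_or_empty("testfile", getter=g)))
```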

Comment 2 Milan Zázrivec 2011-02-10 12:40:22 UTC
Fixed in
spacewalk.git master: e33c846a1cd6cac15622747e6a73a5b43b938f4b
satellite.git SATELLITE-5.4: 36be377f6768f0da8c33d316f02f18f35298641f

Comment 5 Marcelo Moreira de Mello 2011-02-10 16:17:50 UTC
*** Bug 676645 has been marked as a duplicate of this bug. ***

Comment 6 Marcelo Moreira de Mello 2011-02-10 16:17:53 UTC
*** Bug 676639 has been marked as a duplicate of this bug. ***

Comment 7 Jiri Kastner 2011-02-14 12:54:04 UTC
client:
rhncfg-manager add -c conf_chan_RHNManagerClient_TEST_2011_02_01_06_02_33 /tmp/blabla 
Red Hat Network username: admin
Password: 
Pushing to channel conf_chan_RHNManagerClient_TEST_2011_02_01_06_02_33:
Local file /tmp/blabla -> remote file /tmp/blabla
satellite:
selinux context is empty

Comment 8 Jiri Kastner 2011-02-14 12:55:29 UTC
machine in comment 7 had disabled selinux:
[root@ibm-js22-03 tmp]# ls -lZ blabla 
-rw-r--r-- root root ?                                blabla

Comment 9 errata-xmlrpc 2011-03-07 09:23:00 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0323.html

