Bug 676317 - rhncfg-manager unable to upload file without SELinux context
rhncfg-manager unable to upload file without SELinux context
Status: CLOSED ERRATA
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Configuration Management (Show other bugs)
540
All All
unspecified Severity medium
: ---
: ---
Assigned To: Milan Zazrivec
Red Hat Satellite QA List
:
: 676639 676645 (view as bug list)
Depends On:
Blocks: sat54-errata
  Show dependency treegraph
 
Reported: 2011-02-09 09:20 EST by Lee Yarwood
Modified: 2011-07-22 18:10 EDT (History)
5 users (show)

See Also:
Fixed In Version: rhncfg-5.9.27-14
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-03-07 04:23:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lee Yarwood 2011-02-09 09:20:28 EST
Description of problem:
rhncfg-manager unable to upload file without SELinux context

Version-Release number of selected component (if applicable):

rhncfg-5.9.27-1.el6sat.noarch
# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.0 (Santiago)


How reproducible:
Always

Steps to Reproduce:

- Create a file without a SELinux context

# touch testfile
# ls -lZ testfile 
-rw-r--r-- root root ?                                testfile

- Attempt to upload this to your Satellite

# rhncfg-manager add -c prod-rhel6 testfile 
2011-02-09 13:46:15 rpc_repository.__init__: 
2011-02-09 13:46:15 repository.__init__: server url https://satellite.gsslab.fab.redhat.com/CONFIG-MANAGEMENT-TOOL
2011-02-09 13:46:15 repository.__init__: ca cert /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Red Hat Network username: labuser
Password: 
2011-02-09 13:46:21 rpc_repository.assert_repo_health: 
2011-02-09 13:46:21 rhncfg_add.run: 
2011-02-09 13:46:21 rpc_repository.config_channel_exists: prod-rhel6
2011-02-09 13:46:21 rpc_repository.list_config_channels: 
Pushing to channel prod-rhel6:
2011-02-09 13:46:21 rpc_repository.put_file: 
2011-02-09 13:46:21 rpc_repository._get_default_delimiters: 
Traceback (most recent call last):
  File "/usr/bin/rhncfg-manager", line 46, in <module>
    sys.exit(Main().main() or 0)
  File "/usr/share/rhn/config_common/rhn_main.py", line 187, in main
    handler.run()
  File "/usr/share/rhn/config_management/rhncfg_add.py", line 111, in run
    delim_end=delim_end)
  File "/usr/share/rhn/config_management/rpc_repository.py", line 140, in put_file
    delim_start=delim_start, delim_end=delim_end)
  File "/usr/share/rhn/config_common/repository.py", line 189, in _make_file_info
    params.update(self._make_stat_info(local_path, file_stat))
  File "/usr/share/rhn/config_common/repository.py", line 135, in _make_stat_info
    ret['selinux_ctx'] = lgetfilecon(path)[1]
OSError: [Errno 61] No data available

- To workaround this add a context to the file 

# chcon system_u:object_r:admin_home_t:s0 testfile 

- Attempt to upload the file again 

# rhncfg-manager add -c prod-rhel6 testfile 
[..]
Local file testfile -> remote file /root/testfile

  
Actual results:

Unable to upload files to Satellite without a SELinux context

Expected results:

Either add a requirement for files to have a SELinux context, check if SELinux is enabled or catch the exception.

Additional info:

Code snippet from /usr/share/rhn/config_common/file_utils.py

 90     def diff(self, file_struct):
 91         self._validate_struct(file_struct)
 92 
 93         temp_file, temp_dirs = self.process(file_struct)
 94         path = file_struct['path']
 95         sectx_result = ''
 96         result = ''
 97 
 98         cur_sectx = lgetfilecon(path)[1]
 99         if cur_sectx == None:
100             cur_sectx = ''
101         if file_struct.has_key('selinux_ctx') and file_struct['selinux_ctx']:
102             if cur_sectx != file_struct['selinux_ctx']:
103                 sectx_result = "SELinux contexts differ:  actual: [%s], expected: [%s]\n" % (cur_sectx, file_struct['selinux_ctx'])
104 

I'll leave it up to engineering to decided how they'd like to avoid the error.

>>> from selinux import is_selinux_enabled
>>> is_selinux_enabled()
0

or 

>>> from selinux import lgetfilecon
>>> try:
...     lgetfilecon('/root/testfile')
... except OSError, e :
...     pass
Comment 2 Milan Zazrivec 2011-02-10 07:40:22 EST
Fixed in
spacewalk.git master: e33c846a1cd6cac15622747e6a73a5b43b938f4b
satellite.git SATELLITE-5.4: 36be377f6768f0da8c33d316f02f18f35298641f
Comment 5 Marcelo Moreira de Mello 2011-02-10 11:17:50 EST
*** Bug 676645 has been marked as a duplicate of this bug. ***
Comment 6 Marcelo Moreira de Mello 2011-02-10 11:17:53 EST
*** Bug 676639 has been marked as a duplicate of this bug. ***
Comment 7 Jiri Kastner 2011-02-14 07:54:04 EST
client:
rhncfg-manager add -c conf_chan_RHNManagerClient_TEST_2011_02_01_06_02_33 /tmp/blabla 
Red Hat Network username: admin
Password: 
Pushing to channel conf_chan_RHNManagerClient_TEST_2011_02_01_06_02_33:
Local file /tmp/blabla -> remote file /tmp/blabla
satellite:
salinux context is empty
Comment 8 Jiri Kastner 2011-02-14 07:55:29 EST
machine in comment 7 had disabled selinux:
[root@ibm-js22-03 tmp]# ls -lZ blabla 
-rw-r--r-- root root ?                                blabla
Comment 9 errata-xmlrpc 2011-03-07 04:23:00 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0323.html

Note You need to log in before you can comment on or make changes to this bug.