685127 – Matahari should not be in the Minimal install

Bug 685127 - Matahari should not be in the Minimal install

Summary: Matahari should not be in the Minimal install

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	releng
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Dennis Gregorovic
QA Contact:	Release Test Team
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	693356 (view as bug list)
Depends On:
Blocks:	682670
TreeView+	depends on / blocked

Reported:	2011-03-15 11:31 UTC by Karel Srot
Modified:	2016-04-26 15:11 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-05-19 12:57:34 UTC
Target Upstream Version:

Attachments	(Terms of Use)
yum.log from RHEL6.1-20110315.0 minimal install (28.37 KB, text/plain) 2011-03-17 07:13 UTC, Karel Srot	no flags	Details
patch (comps) (8.98 KB, text/plain) 2011-03-17 14:32 UTC, Bill Nottingham	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2011:0540	0	normal	SHIPPED_LIVE	redhat-release enhancement update for Red Hat Enterprise Linux 6.1	2011-05-18 17:44:50 UTC

Description Karel Srot 2011-03-15 11:31:45 UTC

Description of problem:

Following AVC appears avery 2-3 seconds in the audit.log. Probably should be don'taudited.

type=AVC msg=audit(1300188415.925:53): avc:  denied  { read } for  pid=1181 comm="matahari-hostd" name="mtrr" dev=proc ino=4026531941 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:mtrr_device_t:s0 tclass=file
type=SYSCALL msg=audit(1300188415.925:53): arch=c000003e syscall=2 success=no exit=-13 a0=7fedc33f0392 a1=0 a2=1b6 a3=0 items=1 ppid=1 pid=1181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="matahari-hostd" exe="/usr/sbin/matahari-hostd" subj=system_u:system_r:initrc_t:s0-s15:c0.c1023 key=(null)
type=CWD msg=audit(1300188415.925:53):  cwd="/"
type=PATH msg=audit(1300188415.925:53): item=0 name="/proc/mtrr" inode=4026531941 dev=00:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:mtrr_device_t:s0


Version-Release number of selected component (if applicable):
selinux-policy-mls-3.7.19-78

How reproducible:
always

Steps to Reproduce:
1. install fresh RHEL6.1-20110311.3 with mls policy

Comment 1 Daniel Walsh 2011-03-15 12:03:28 UTC

Looks like we need policy for matahari-hostd.  I don't think we want to add random dontaudit for MLS policy.  If you install an app that is not supported on MLS, we have to write policy for it.

Comment 2 Karel Srot 2011-03-15 12:37:58 UTC

Well, matahari-hostd is a part of the minimal install, I didn't choose to install install it explicitely. Threfore I thought it was intentional to not have a policy.

Comment 3 Daniel Walsh 2011-03-15 14:56:43 UTC

Well I just wrote initial matahari policy in F15,  We will need to get this back ported to RHEL6.  But I don't believe that matahari should be in the minimal install since I don't think MLS people will want it there.

Comment 4 Steve Grubb 2011-03-15 15:25:54 UTC

Regarding comment #2, how did matahari get in minimal install? It should not be there.

Comment 5 Dennis Gregorovic 2011-03-16 17:58:39 UTC

Karel,

Please do another install.  This time, before the reboot at the end of the install, switch to terminal two and grab /tmp/yum.log.  That should tell us why matahari is getting pulled in.

Thanks
-- Dennis

Comment 6 Subhendu Ghosh 2011-03-16 22:08:15 UTC

Also - is this using only @core for package selection ? or @base ?

Comment 7 Karel Srot 2011-03-17 07:13:45 UTC

Created attachment 485938 [details]
yum.log from      RHEL6.1-20110315.0 minimal install

yum.log attached

Comment 8 Bill Nottingham 2011-03-17 14:32:11 UTC

Created attachment 486026 [details]
patch (comps)

I think the issue is that client-mgmt-tools is defaulted to on in the variants file, but is not listed in the product installclass files. This means it's not disabled when minimal is chosen.

Patch attached.

Comment 9 Chris Lumens 2011-04-04 17:50:15 UTC

*** Bug 693356 has been marked as a duplicate of this bug. ***

Comment 10 Dennis Gregorovic 2011-04-04 18:29:11 UTC

patch applied.  will appear in the next compose.

Comment 12 Alexander Todorov 2011-04-18 14:07:12 UTC

Tested with snap #4. Did a Minimal install and matahari wasn't installed. Moving to VERIFIED.

Comment 13 errata-xmlrpc 2011-05-19 12:57:34 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0540.html

Note You need to log in before you can comment on or make changes to this bug.