Bug 685127 – Matahari should not be in the Minimal install

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 685127 - Matahari should not be in the Minimal install

Summary:	Matahari should not be in the Minimal install

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	releng (Show other bugs)
Sub Component:
Version:	6.1
Hardware:	Unspecified Unspecified

Priority	high Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	Dennis Gregorovic
QA Contact:	Release Test Team
Docs Contact:

URL:
Whiteboard:
Keywords:

Duplicates:	693356 (view as bug list)
Depends On:
Blocks:	682670
	Show dependency tree / graph

Reported:	2011-03-15 07:31 EDT by Karel Srot
Modified:	2016-04-26 11:11 EDT (History)
CC List:	9 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-05-19 08:57:34 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
yum.log from RHEL6.1-20110315.0 minimal install (28.37 KB, text/plain) 2011-03-17 03:13 EDT, Karel Srot	no flags	Details
patch (comps) (8.98 KB, text/plain) 2011-03-17 10:32 EDT, Bill Nottingham	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2011:0540	normal	SHIPPED_LIVE	redhat-release enhancement update for Red Hat Enterprise Linux 6.1	2011-05-18 13:44:50 EDT

Groups: None (edit)

Description Karel Srot 2011-03-15 07:31:45 EDT

Description of problem:

Following AVC appears avery 2-3 seconds in the audit.log. Probably should be don'taudited.

type=AVC msg=audit(1300188415.925:53): avc:  denied  { read } for  pid=1181 comm="matahari-hostd" name="mtrr" dev=proc ino=4026531941 scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tcontext=system_u:object_r:mtrr_device_t:s0 tclass=file
type=SYSCALL msg=audit(1300188415.925:53): arch=c000003e syscall=2 success=no exit=-13 a0=7fedc33f0392 a1=0 a2=1b6 a3=0 items=1 ppid=1 pid=1181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="matahari-hostd" exe="/usr/sbin/matahari-hostd" subj=system_u:system_r:initrc_t:s0-s15:c0.c1023 key=(null)
type=CWD msg=audit(1300188415.925:53):  cwd="/"
type=PATH msg=audit(1300188415.925:53): item=0 name="/proc/mtrr" inode=4026531941 dev=00:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:mtrr_device_t:s0


Version-Release number of selected component (if applicable):
selinux-policy-mls-3.7.19-78

How reproducible:
always

Steps to Reproduce:
1. install fresh RHEL6.1-20110311.3 with mls policy

Comment 1 Daniel Walsh 2011-03-15 08:03:28 EDT

Looks like we need policy for matahari-hostd.  I don't think we want to add random dontaudit for MLS policy.  If you install an app that is not supported on MLS, we have to write policy for it.

Comment 2 Karel Srot 2011-03-15 08:37:58 EDT

Well, matahari-hostd is a part of the minimal install, I didn't choose to install install it explicitely. Threfore I thought it was intentional to not have a policy.

Comment 3 Daniel Walsh 2011-03-15 10:56:43 EDT

Well I just wrote initial matahari policy in F15,  We will need to get this back ported to RHEL6.  But I don't believe that matahari should be in the minimal install since I don't think MLS people will want it there.

Comment 4 Steve Grubb 2011-03-15 11:25:54 EDT

Regarding comment #2, how did matahari get in minimal install? It should not be there.

Comment 5 Dennis Gregorovic 2011-03-16 13:58:39 EDT

Karel,

Please do another install.  This time, before the reboot at the end of the install, switch to terminal two and grab /tmp/yum.log.  That should tell us why matahari is getting pulled in.

Thanks
-- Dennis

Comment 6 Subhendu Ghosh 2011-03-16 18:08:15 EDT

Also - is this using only @core for package selection ? or @base ?

Comment 7 Karel Srot 2011-03-17 03:13:45 EDT

Created attachment 485938 [details]
yum.log from      RHEL6.1-20110315.0 minimal install

yum.log attached

Comment 8 Bill Nottingham 2011-03-17 10:32:11 EDT

Created attachment 486026 [details]
patch (comps)

I think the issue is that client-mgmt-tools is defaulted to on in the variants file, but is not listed in the product installclass files. This means it's not disabled when minimal is chosen.

Patch attached.

Comment 9 Chris Lumens 2011-04-04 13:50:15 EDT

*** Bug 693356 has been marked as a duplicate of this bug. ***

Comment 10 Dennis Gregorovic 2011-04-04 14:29:11 EDT

patch applied.  will appear in the next compose.

Comment 12 Alexander Todorov 2011-04-18 10:07:12 EDT

Tested with snap #4. Did a Minimal install and matahari wasn't installed. Moving to VERIFIED.

Comment 13 errata-xmlrpc 2011-05-19 08:57:34 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0540.html

Note You need to log in before you can comment on or make changes to this bug.