704189 – Wrong label for /etc/selinux/$SELINUXTYPE/contexts

Bug 704189 - Wrong label for /etc/selinux/$SELINUXTYPE/contexts

Summary: Wrong label for /etc/selinux/$SELINUXTYPE/contexts

Keywords:
Status:	CLOSED DUPLICATE of bug 704191
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	6.1
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Daniel Walsh
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	RHEL62CCC 846801 846802
TreeView+	depends on / blocked

Reported:	2011-05-12 11:53 UTC by Ramon de Carvalho Valle
Modified:	2012-10-16 12:27 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-05-24 14:06:35 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Ramon de Carvalho Valle 2011-05-12 11:53:06 UTC

Description of problem:
It seems that the /etc/selinux/$SELINUXTYPE/contexts directory and its contents are being labeled incorrectly to default_context_t instead of selinux_config_t.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Miroslav Grepl 2011-05-12 16:05:04 UTC

The policy tells me this is a correct label. Why do you think this is a bug?

Comment 2 Ramon de Carvalho Valle 2011-05-12 16:16:05 UTC

(In reply to comment #1)
> The policy tells me this is a correct label. Why do you think this is a bug?

I think this directory and its contents should be selinux_config_t, as it contains SELinux configuration files.

Comment 3 Miroslav Grepl 2011-05-19 16:22:23 UTC

It contains default contexts so I don't see this as bug.

Dan?

Comment 4 Daniel Walsh 2011-05-23 15:28:17 UTC

I agree, this has always been labeled default_context, in that lots of domains need to read it that do not need to read other parts of SELinux config.

Comment 5 Ramon de Carvalho Valle 2011-05-23 15:37:24 UTC

Then secadm_r also will need to have write permission to it.

Comment 6 Daniel Walsh 2011-05-23 16:19:26 UTC

I agree.

Miroslav make sure RHEL5 and RHEL6 have


	seutil_manage_bin_policy($1)
	seutil_manage_default_contexts($1)
	seutil_manage_file_contexts($1)
	seutil_manage_module_store($1)
	seutil_manage_config($1)

in

userdom_security_admin_template

Comment 7 Miroslav Grepl 2011-05-24 14:06:35 UTC


*** This bug has been marked as a duplicate of bug 704191 ***

Note You need to log in before you can comment on or make changes to this bug.