Bug 717572 - Satellite fails to check selinux context on systems running mcstrans daemon
Summary: Satellite fails to check selinux context on systems running mcstrans daemon
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Configuration Management
Version: 540
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: Tomas Lestach
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: 260381
TreeView+ depends on / blocked
 
Reported: 2011-06-29 09:27 UTC by Raul Mahiques
Modified: 2012-04-10 21:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-04-10 21:10:40 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Raul Mahiques 2011-06-29 09:27:37 UTC 
Description of problem:
If you specify the selinux context for a configuration file managed by satellite, it may fail the selinux check if mcstrans daemon is running on the client.



How reproducible:

Steps to Reproduce:
1. Create a configuration file on satellite, example:
/etc/config
with security context: system_u:object_r:etc_t:s0

2. start mcstrans with the following configuration example:
#/etc/selinux/targeted/setrans.conf
s0=
s0-s0:c.c1023=SystemLow-SystemHigh
s0:c0.c1023=SystemHigh

3. deploy the configuration file from satellite:
Successfully deployed with no errors reported.

4. check the configuration files
#rhncfg-client verify
selinux    /etc/config

5. ls -Z /etc/config shows:
system_u:object_r:etc_t  .. /etc/config

6. Disable mcstrans
service mcstrans stop

7. ls -Z /etc/config shows:
system_u:object_r:etc_t:s0 .. /etc/config

8. check again the configuration files with rhncfg-client shows they are correct.



Expected results:
Check to ignore mcstrans or similar.
Note You need to log in before you can comment on or make changes to this bug.