Bug 745113 - matahari-net was renamed to matahari-network but SELinux context did not follow
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Miroslav Grepl
QA Contact: Milos Malik
Reported: 2011-10-11 12:39 UTC by Milos Malik
Modified: 2013-06-06 13:28 UTC

Fixed In Version: selinux-policy-3.7.19-119.el6
Doc Type: Bug Fix
Last Closed: 2011-12-06 10:19:47 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1511 0 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2011-12-06 00:39:17 UTC

Description Milos Malik 2011-10-11 12:39:49 UTC
Description of problem:
Someone renamed the matahari-net init script to matahari-network, but did not tell the SELinux guys about it, which means that the matahari-network init script is now labelled initrc_exec_t instead of matahari_initrc_exec_t.

Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-115.el6.noarch
selinux-policy-minimum-3.7.19-115.el6.noarch
selinux-policy-doc-3.7.19-115.el6.noarch
selinux-policy-targeted-3.7.19-115.el6.noarch
selinux-policy-mls-3.7.19-115.el6.noarch
matahari-lib-0.4.4-2.el6.x86_64
matahari-network-0.4.4-2.el6.x86_64
matahari-debuginfo-0.4.4-2.el6.x86_64
matahari-broker-0.4.4-2.el6.x86_64
matahari-sysconfig-0.4.4-2.el6.x86_64
matahari-agent-lib-0.4.4-2.el6.x86_64
matahari-host-0.4.4-2.el6.x86_64
matahari-0.4.4-2.el6.x86_64
matahari-consoles-0.4.4-2.el6.x86_64
matahari-service-0.4.4-2.el6.x86_64

Steps to Reproduce:
# matchpathcon /etc/rc.d/init.d/matahari-net
/etc/rc.d/init.d/matahari-net   system_u:object_r:matahari_initrc_exec_t:s0
# matchpathcon /etc/rc.d/init.d/matahari-network
/etc/rc.d/init.d/matahari-network       system_u:object_r:initrc_exec_t:s0
# 
  
Actual results:
# matchpathcon /etc/rc.d/init.d/matahari-*
/etc/rc.d/init.d/matahari-broker        system_u:object_r:initrc_exec_t:s0
/etc/rc.d/init.d/matahari-host  system_u:object_r:matahari_initrc_exec_t:s0
/etc/rc.d/init.d/matahari-network       system_u:object_r:initrc_exec_t:s0
/etc/rc.d/init.d/matahari-service       system_u:object_r:matahari_initrc_exec_t:s0
/etc/rc.d/init.d/matahari-sysconfig     system_u:object_r:initrc_exec_t:s0
/etc/rc.d/init.d/matahari-sysconfig-console     system_u:object_r:initrc_exec_t:s0

Expected results:
* all matahari init scripts are labelled matahari_initrc_exec_t

Comment 1 Milos Malik 2011-10-11 12:49:14 UTC
Unfortunately, the following binaries were also renamed, which means they are all labelled bin_t now.

# matchpathcon /usr/sbin/matahari-*
/usr/sbin/matahari-brokerd      system_u:object_r:bin_t:s0
/usr/sbin/matahari-dbus-hostd   system_u:object_r:bin_t:s0
/usr/sbin/matahari-dbus-networkd        system_u:object_r:bin_t:s0
/usr/sbin/matahari-dbus-serviced        system_u:object_r:bin_t:s0
/usr/sbin/matahari-qmf-hostd    system_u:object_r:bin_t:s0
/usr/sbin/matahari-qmf-networkd system_u:object_r:bin_t:s0
/usr/sbin/matahari-qmf-service-cli      system_u:object_r:bin_t:s0
/usr/sbin/matahari-qmf-serviced system_u:object_r:bin_t:s0
/usr/sbin/matahari-qmf-sysconfig-consoled       system_u:object_r:bin_t:s0
/usr/sbin/matahari-qmf-sysconfigd       system_u:object_r:bin_t:s0
#
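
Added example (not part of the bug report or of the selinux-policy project): a shell check that reads matchpathcon output like the listings above and flags every path whose type does not start with the package prefix, which is how a rename that outran the file-context rules shows up. The sample lines are copied from the report; the function names and the prefix heuristic are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample: matchpathcon lines copied from the report above
# (policy selinux-policy-3.7.19-115.el6, before the fix).
sample_output() {
cat <<'EOF'
/etc/rc.d/init.d/matahari-broker        system_u:object_r:initrc_exec_t:s0
/etc/rc.d/init.d/matahari-host  system_u:object_r:matahari_initrc_exec_t:s0
/etc/rc.d/init.d/matahari-network       system_u:object_r:initrc_exec_t:s0
/etc/rc.d/init.d/matahari-service       system_u:object_r:matahari_initrc_exec_t:s0
/usr/sbin/matahari-dbus-networkd        system_u:object_r:bin_t:s0
/usr/sbin/matahari-qmf-hostd    system_u:object_r:bin_t:s0
EOF
}

# Reads "path <whitespace> user:role:type:level" lines on stdin and prints
# "path type" for each entry whose type is NOT named after the package
# prefix given as $1 (assumption: module types start with "<prefix>_").
flag_generic_labels() {
    awk -v prefix="$1" '
        NF >= 2 {
            n = split($2, ctx, ":")
            if (n < 3) next              # not a full SELinux context
            setype = ctx[3]
            if (index(setype, prefix "_") != 1) print $1, setype
        }'
}

# Number of flagged paths in the input on stdin.
count_generic() { flag_generic_labels "$1" | wc -l | tr -d ' '; }

# On a live system, feed the real policy lookup instead of the sample:
#   matchpathcon /etc/rc.d/init.d/matahari-* /usr/sbin/matahari-* \
#       | flag_generic_labels matahari
sample_output | flag_generic_labels matahari
```

Run against a package's file list after every policy or package update, a non-empty result means some path has fallen back to a generic type such as initrc_exec_t or bin_t.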

Comment 2 Miroslav Grepl 2011-10-11 13:53:35 UTC
Milos,
how were these binaries named?

Comment 3 Milos Malik 2011-10-11 17:38:40 UTC
Old names
=======
/usr/sbin/matahari-hostd
/usr/sbin/matahari-netd
/usr/sbin/matahari-serviced

New names
=======
-rwxr-xr-x. 1 root root 13268 Sep  9 09:51 /usr/sbin/matahari-dbus-hostd
-rwxr-xr-x. 1 root root 10296 Sep  9 09:51 /usr/sbin/matahari-dbus-networkd
-rwxr-xr-x. 1 root root 16056 Sep  9 09:51 /usr/sbin/matahari-dbus-serviced
-rwxr-xr-x. 1 root root 52708 Sep  9 09:51 /usr/sbin/matahari-qmf-hostd
-rwxr-xr-x. 1 root root 29692 Sep  9 09:51 /usr/sbin/matahari-qmf-networkd
-rwxr-xr-x. 1 root root 73128 Sep  9 09:51 /usr/sbin/matahari-qmf-serviced

But their count doubled.

Comment 4 Miroslav Grepl 2011-10-11 18:16:45 UTC
OK, we really need to fix it in this case.

Comment 5 Daniel Walsh 2011-10-11 18:55:59 UTC
I just checked in a fix for F16.

Comment 6 Miroslav Grepl 2011-10-12 18:16:37 UTC
Fixed in selinux-policy-3.7.19-116.el6

Comment 11 Miroslav Grepl 2011-10-18 14:54:30 UTC
Fixed in selinux-policy-3.7.19-118.el6.noarch

matchpathcon /usr/sbin/matahari-*net*
/usr/sbin/matahari-netd	system_u:object_r:matahari_netd_exec_t:s0

Comment 18 errata-xmlrpc 2011-12-06 10:19:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1511.html