Bug 812631 - Confusion between httpd_user_ra_content_t and httpd_user_content_ra_t
Summary: Confusion between httpd_user_ra_content_t and httpd_user_content_ra_t
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 16
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-04-15 15:09 UTC by Tim Landscheidt
Modified: 2012-04-22 03:35 UTC (History)
1 user (show)

Fixed In Version: selinux-policy-3.10.0-84.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 813959 (view as bug list)
Environment:
Last Closed: 2012-04-22 03:35:38 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Tim Landscheidt 2012-04-15 15:09:04 UTC 
Description of problem:

Files in (inter alia) $HOME/public_html/w/.git/logs/* have context httpd_user_ra_content_t which restorecon wants to set to httpd_user_content_ra_t but doesn't succeed.


Version-Release number of selected component (if applicable):

selinux-policy-3.10.0-80.fc16.noarch
selinux-policy-targeted-3.10.0-80.fc16.noarch


How reproducible:

Always.


Actual results:

| [tim@passepartout ~]$ ll -Z public_html/w/.git/logs/HEAD 
| -rw-rw-r--. tim tim unconfined_u:object_r:httpd_user_ra_content_t:s0 public_html/w/.git/logs/HEAD
| [tim@passepartout ~]$ restorecon -v public_html/w/.git/logs/HEAD 
| restorecon reset /home/tim/public_html/w/.git/logs/HEAD context unconfined_u:object_r:httpd_user_ra_content_t:s0->unconfined_u:object_r:httpd_user_content_ra_t:s0
| [tim@passepartout ~]$ ll -Z public_html/w/.git/logs/HEAD 
| -rw-rw-r--. tim tim unconfined_u:object_r:httpd_user_ra_content_t:s0 public_html/w/.git/logs/HEAD
| [tim@passepartout ~]$ restorecon -v public_html/w/.git/logs/HEAD 
| restorecon reset /home/tim/public_html/w/.git/logs/HEAD context unconfined_u:object_r:httpd_user_ra_content_t:s0->unconfined_u:object_r:httpd_user_content_ra_t:s0
| [tim@passepartout ~]$


Expected results:

restorecon should succeed.


Additional info:

| [root@passepartout ~]# semanage -o -
| boolean -D
| boolean -1 fcron_crond
| boolean -1 httpd_enable_homedirs
| login -D
| login -a -s unconfined_u -r 's0-s0:c0.c1023' __default__
| login -a -s unconfined_u -r 's0-s0:c0.c1023' root
| login -a -s system_u -r 's0-s0:c0.c1023' system_u
| user -D
| port -D
| interface -D
| node -D
| fcontext -D
| [root@passepartout ~]#
Comment 1 Tim Landscheidt 2012-04-15 15:10:52 UTC 
Forgot that chcon fails also:

| [tim@passepartout ~]$ chcon unconfined_u:object_r:httpd_user_content_ra_t:s0 public_html/w/.git/logs/HEAD 
| [tim@passepartout ~]$ ll -Z public_html/w/.git/logs/HEAD 
| -rw-rw-r--. tim tim unconfined_u:object_r:httpd_user_ra_content_t:s0 public_html/w/.git/logs/HEAD
| [tim@passepartout ~]$
Comment 2 Miroslav Grepl 2012-04-16 09:48:16 UTC 
Good catch. Thank you.

Fixed in selinux-policy-3.10.0-84.fc16
Comment 3 Fedora Update System 2012-04-18 12:53:28 UTC 
selinux-policy-3.10.0-84.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-84.fc16
Comment 4 Fedora Update System 2012-04-22 03:35:38 UTC 
selinux-policy-3.10.0-84.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.