Bug 812631 - Confusion between httpd_user_ra_content_t and httpd_user_content_ra_t
Confusion between httpd_user_ra_content_t and httpd_user_content_ra_t
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
16
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Miroslav Grepl
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-15 11:09 EDT by Tim Landscheidt
Modified: 2012-04-21 23:35 EDT (History)
1 user (show)

See Also:
Fixed In Version: selinux-policy-3.10.0-84.fc16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 813959 (view as bug list)
Environment:
Last Closed: 2012-04-21 23:35:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tim Landscheidt 2012-04-15 11:09:04 EDT
Description of problem:

Files in (inter alia) $HOME/public_html/w/.git/logs/* have context httpd_user_ra_content_t which restorecon wants to set to httpd_user_content_ra_t but doesn't succeed.


Version-Release number of selected component (if applicable):

selinux-policy-3.10.0-80.fc16.noarch
selinux-policy-targeted-3.10.0-80.fc16.noarch


How reproducible:

Always.


Actual results:

| [tim@passepartout ~]$ ll -Z public_html/w/.git/logs/HEAD 
| -rw-rw-r--. tim tim unconfined_u:object_r:httpd_user_ra_content_t:s0 public_html/w/.git/logs/HEAD
| [tim@passepartout ~]$ restorecon -v public_html/w/.git/logs/HEAD 
| restorecon reset /home/tim/public_html/w/.git/logs/HEAD context unconfined_u:object_r:httpd_user_ra_content_t:s0->unconfined_u:object_r:httpd_user_content_ra_t:s0
| [tim@passepartout ~]$ ll -Z public_html/w/.git/logs/HEAD 
| -rw-rw-r--. tim tim unconfined_u:object_r:httpd_user_ra_content_t:s0 public_html/w/.git/logs/HEAD
| [tim@passepartout ~]$ restorecon -v public_html/w/.git/logs/HEAD 
| restorecon reset /home/tim/public_html/w/.git/logs/HEAD context unconfined_u:object_r:httpd_user_ra_content_t:s0->unconfined_u:object_r:httpd_user_content_ra_t:s0
| [tim@passepartout ~]$


Expected results:

restorecon should succeed.


Additional info:

| [root@passepartout ~]# semanage -o -
| boolean -D
| boolean -1 fcron_crond
| boolean -1 httpd_enable_homedirs
| login -D
| login -a -s unconfined_u -r 's0-s0:c0.c1023' __default__
| login -a -s unconfined_u -r 's0-s0:c0.c1023' root
| login -a -s system_u -r 's0-s0:c0.c1023' system_u
| user -D
| port -D
| interface -D
| node -D
| fcontext -D
| [root@passepartout ~]#
Comment 1 Tim Landscheidt 2012-04-15 11:10:52 EDT
Forgot that chcon fails also:

| [tim@passepartout ~]$ chcon unconfined_u:object_r:httpd_user_content_ra_t:s0 public_html/w/.git/logs/HEAD 
| [tim@passepartout ~]$ ll -Z public_html/w/.git/logs/HEAD 
| -rw-rw-r--. tim tim unconfined_u:object_r:httpd_user_ra_content_t:s0 public_html/w/.git/logs/HEAD
| [tim@passepartout ~]$
Comment 2 Miroslav Grepl 2012-04-16 05:48:16 EDT
Good catch. Thank you.

Fixed in selinux-policy-3.10.0-84.fc16
Comment 3 Fedora Update System 2012-04-18 08:53:28 EDT
selinux-policy-3.10.0-84.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-84.fc16
Comment 4 Fedora Update System 2012-04-21 23:35:38 EDT
selinux-policy-3.10.0-84.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.