Bug 813803 - /etc/zipl.conf must be labelled as boot_t
Summary: /etc/zipl.conf must be labelled as boot_t
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.3
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks: 813337
TreeView+ depends on / blocked
 
Reported: 2012-04-18 13:09 UTC by Dan Horák
Modified: 2012-10-16 10:56 UTC (History)
3 users (show)

Fixed In Version: selinux-policy-3.7.19-147.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-20 12:33:48 UTC
Target Upstream Version:

Attachments (Terms of Use)
proposed update (907 bytes, patch)
2012-04-19 08:27 UTC, Dan Horák 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0780 0 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2012-06-19 20:34:59 UTC

Description Dan Horák 2012-04-18 13:09:23 UTC 
/etc/zipl.conf must be labelled as boot_t (same as grub or yaboot config files) otherwise system-config-kdump won't work on s390x, see bug #813337
Comment 2 Dan Horák 2012-04-19 08:27:40 UTC 
Created attachment 578536 [details]
proposed update

The kexec-tool package contains a local policy file that talks about boot_t, but I don't know if or how it is used. There seems to be a support for labelling bootloader files in modules/admin/bootloader.fc so I guess zipl support should be modelled after grub, lilo or yaboot.
Comment 3 Miroslav Grepl 2012-04-20 13:58:32 UTC 
I added the patch to Fedora.
Comment 7 errata-xmlrpc 2012-06-20 12:33:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0780.html
Note You need to log in before you can comment on or make changes to this bug.