Red Hat Bugzilla – Bug 842384
Glibc 2.5-81.el5_8.4 update changes SELinux context of nssswitch.conf to rpm_script_tmp_t
Last modified: 2016-11-24 10:55:53 EST
Description of problem:
Update to latest glibc package (2.5-81.el5_8.4) on RHEL5.8 x86_64 changes context of /etc/nssswitch.conf to rpm_script_tmp_t, when it should remain etc_t.
Version-Release number of selected component (if applicable): glibc-2.5-81.el5_8.4
every RHEL5.8 server updated
Steps to Reproduce:
1. update glibc to 2.5-81.el5_8.4
2. list the context of /etc/nssswitch.conf
/etc/nssswitch.conf SELinux context is changed to rpm_script_tmp_t.
/etc/nssswitch.conf SELinux context will remain (or after update scripts are run be changed back to) etc_t.
Permission Denied syscalls are seen in the audit.log for nscd. After a restorecon/etc/nssswitch.conf, these syscalls are resolved.
Gary, are you sure you didn't update any other components, particular sudo at the same time. We're currently tracking an issue where an update of sudo causes this kind of problem.
rpm -q --scripts sudo
Shows the scripts run by sudo when it's installed/updated. Note that it twiddles nssswitch.conf in fun and interesting ways, but does not restore its selinux context properly when complete.
*** This bug has been marked as a duplicate of bug 818585 ***
Jeff, I wasn't sure that glibc was the component that did it, I only filed it against that component as an rpm -q --whatprovides /etc/nsswitch.conf shows glibc owns it. Sorry, I should have investigated further. Interestingly we did update sudo at the same time, sudo-1.7.2p1-14.el5_8.x86_64 is now our installed version. Thanks for the correction.