Description of problem: Update to latest glibc package (2.5-81.el5_8.4) on RHEL5.8 x86_64 changes context of /etc/nssswitch.conf to rpm_script_tmp_t, when it should remain etc_t. Version-Release number of selected component (if applicable): glibc-2.5-81.el5_8.4 How reproducible: every RHEL5.8 server updated Steps to Reproduce: 1. update glibc to 2.5-81.el5_8.4 2. list the context of /etc/nssswitch.conf 3. Actual results: /etc/nssswitch.conf SELinux context is changed to rpm_script_tmp_t. Expected results: /etc/nssswitch.conf SELinux context will remain (or after update scripts are run be changed back to) etc_t. Additional info: Permission Denied syscalls are seen in the audit.log for nscd. After a restorecon/etc/nssswitch.conf, these syscalls are resolved.
Gary, are you sure you didn't update any other components, particular sudo at the same time. We're currently tracking an issue where an update of sudo causes this kind of problem. rpm -q --scripts sudo Shows the scripts run by sudo when it's installed/updated. Note that it twiddles nssswitch.conf in fun and interesting ways, but does not restore its selinux context properly when complete. *** This bug has been marked as a duplicate of bug 818585 ***
Jeff, I wasn't sure that glibc was the component that did it, I only filed it against that component as an rpm -q --whatprovides /etc/nsswitch.conf shows glibc owns it. Sorry, I should have investigated further. Interestingly we did update sudo at the same time, sudo-1.7.2p1-14.el5_8.x86_64 is now our installed version. Thanks for the correction.