Bug 842384 - Glibc 2.5-81.el5_8.4 update changes SELinux context of nssswitch.conf to rpm_script_tmp_t
Glibc 2.5-81.el5_8.4 update changes SELinux context of nssswitch.conf to rpm_...
Status: CLOSED DUPLICATE of bug 818585
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: glibc (Show other bugs)
5.8
x86_64 Unspecified
unspecified Severity urgent
: rc
: ---
Assigned To: Jeff Law
qe-baseos-tools
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-23 12:24 EDT by Gary Anderson
Modified: 2012-07-23 12:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-07-23 12:31:22 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Gary Anderson 2012-07-23 12:24:12 EDT
Description of problem:
Update to latest glibc package (2.5-81.el5_8.4) on RHEL5.8 x86_64 changes context of /etc/nssswitch.conf to rpm_script_tmp_t, when it should remain etc_t.


Version-Release number of selected component (if applicable): glibc-2.5-81.el5_8.4


How reproducible:
every RHEL5.8 server updated


Steps to Reproduce:
1. update glibc to 2.5-81.el5_8.4
2. list the context of /etc/nssswitch.conf
3.
  
Actual results:
/etc/nssswitch.conf SELinux context is changed to rpm_script_tmp_t.


Expected results:
/etc/nssswitch.conf SELinux context will remain (or after update scripts are run be changed back to) etc_t.


Additional info:
Permission Denied syscalls are seen in the audit.log for nscd.  After a restorecon/etc/nssswitch.conf, these syscalls are resolved.
Comment 1 Jeff Law 2012-07-23 12:31:22 EDT
Gary, are you sure you didn't update any other components, particular sudo at the same time.   We're currently tracking an issue where an update of sudo causes this kind of problem.

rpm -q --scripts sudo

Shows the scripts run by sudo when it's installed/updated.  Note that it twiddles nssswitch.conf in fun and interesting ways, but does not restore its selinux context properly when complete.

*** This bug has been marked as a duplicate of bug 818585 ***
Comment 2 Gary Anderson 2012-07-23 12:37:55 EDT
Jeff, I wasn't sure that glibc was the component that did it, I only filed it against that component as an rpm -q --whatprovides /etc/nsswitch.conf shows glibc owns it.  Sorry, I should have investigated further.  Interestingly we did update sudo at the same time, sudo-1.7.2p1-14.el5_8.x86_64 is now our installed version.  Thanks for the correction.

Note You need to log in before you can comment on or make changes to this bug.