Bug 862350 - update_yaml.rb sets yaml file to wrong selinux context...
update_yaml.rb sets yaml file to wrong selinux context...
Product: OpenShift Origin
Classification: Red Hat
Component: Containers (Show other bugs)
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Rob Millner
libra bugs
Depends On:
  Show dependency treegraph
Reported: 2012-10-02 13:18 EDT by Thomas Wiest
Modified: 2015-05-14 19:00 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-11-06 13:48:25 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Thomas Wiest 2012-10-02 13:18:28 EDT
Description of problem:
update_yaml.rb is creating the out_file in /tmp and then moving it, which sets the file's selinux context to this:


However, the context needs to be set to the context of where the file is moved to. In our case, we use /etc/mcollective/facts.yaml which needs an selinux context of (according to restorecon):


A possible fix would be to use cp instead of mv since cp will set the context correctly for the new location. Then use rm to get rid of the tmp file.

Note: this is a new bug in this script. This was not a problem in r2.0.17.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run: /usr/libexec/mcollective/update_yaml.rb /etc/mcollective/facts.yaml
2. run: restorecon -Rvn /etc/mcollective/facts.yaml
3. Notice that restorecon says that this file's context is wrong.
Actual results:
Wrong selinux context: unconfined_u:object_r:user_tmp_t:s0

Expected results:
Correct selinux context: unconfined_u:object_r:etc_t:s0
Comment 1 Rob Millner 2012-10-02 14:39:20 EDT
Pull request https://github.com/openshift/crankcase/pull/576
Comment 2 Rob Millner 2012-10-02 17:09:38 EDT
Pull request accepted into master.
Comment 3 Peter Ruan 2012-10-05 19:56:49 EDT
verified with devenv_2288

root@ip-10-144-64-109 ~]# /usr/libexec/mcollective/update_yaml.rb /etc/mcollective/facts.yaml  
[root@ip-10-144-64-109 ~]# restorecon -Rvn /etc/mcollective/facts.yaml 
[root@ip-10-144-64-109 ~]# 

// note, there's no error.

Note You need to log in before you can comment on or make changes to this bug.