Red Hat Bugzilla – Bug 919409
wrong selinux context of /etc/multipath/bindings after the installation
Last modified: 2015-09-27 22:34:35 EDT
Description of problem: On a newly installed system I have: # ls -Zd /etc/multipath drwxr-xr-x. root root system_u:object_r:root_t:s0 /etc/multipath # rpm -qa | grep multipath # for P in `rpm -qa`; do rpm -q --scripts $P | grep -q multipath && echo $P; done # # ls -lZR /etc/multipath /etc/multipath: -rw-------. root root system_u:object_r:root_t:s0 bindings but the correct context is lvm_metadata_t (see bug 880407). in anaconda.log I can see: 11:21:28,431 INFO : moving (1) to step preinstallconfig 11:21:28,432 DEBUG : preinstallconfig is a direct step 11:21:28,456 DEBUG : isys.py:mount()- going to mount /selinux on /mnt/sysimage/selinux as selinuxfs with options defaults 11:21:28,459 DEBUG : isys.py:mount()- going to mount /proc/bus/usb on /mnt/sysimage/proc/bus/usb as usbfs with options defaults 11:21:28,467 INFO : copy_to_sysimage: source '/etc/multipath/wwids' does not exist. 11:21:28,467 DEBUG : copy_to_sysimage: '/etc/multipath/bindings' -> '/mnt/sysimage/etc/multipath/bindings'. 11:21:28,474 INFO : copy_to_sysimage: source '/etc/multipath/wwids' does not exist. 11:21:28,474 DEBUG : copy_to_sysimage: '/etc/multipath/bindings' -> '/mnt/sysimage/etc/multipath/bindings'. 11:21:28,477 INFO : leaving (1) step preinstallconfig seems that the context should be restored later on. How reproducible: always on the necessary system configuration Steps to Reproduce: 1. just install the system 2. check /etc/multipath/binding 3. Actual results: /etc/multipath directory has wrong selinux context Expected results: /etc/multipath (and its content) has correct selinux context Additional info:
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Created attachment 767576 [details] possible fix I'm attaching an updates.img with a proposed fix. Would someone mind testing this out to verify the correct SELinux context is being set now?
Created attachment 767581 [details] updates.img w/possible fix Bah; please ignore that first attachment and use this updates.img to test. (Sorry about that.)
Testing with updates image from comment 11 looks good: [root@rtt7 ~]# ls -lZ /etc/multipath -rw-------. root root system_u:object_r:lvm_metadata_t:s0 bindings -rw-------. root root system_u:object_r:lvm_metadata_t:s0 wwids [root@rtt7 ~]# ls -lZd /etc/multipath drwxr-xr-x. root root system_u:object_r:lvm_metadata_t:s0 /etc/multipath [root@rtt7 ~]# restorecon -Rv /etc/multipath [root@rtt7 ~]#
Thanks, Jan. Patch posted to anaconda-patches for review.
Patch pushed to rhel6-branch, commit 30ae37ce3ffb8e1311fad4756b2842b984d9348d.
Reproduced on RHEL 6.4 x86_64 Server Verified fix on RHEL6.5-20131022.2 x86_64 Server
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1588.html