Bug 971593 - /var/lock/mailman created with wrong permissions on every boot
/var/lock/mailman created with wrong permissions on every boot
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
18
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-06 17:17 EDT by H. Peter Anvin
Modified: 2013-07-24 20:39 EDT (History)
5 users (show)

See Also:
Fixed In Version: selinux-policy-3.11.1-98.fc18
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-24 20:39:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description H. Peter Anvin 2013-06-06 17:17:44 EDT
Description of problem:
After reboot, /var/lock/mailman gets created with the wrong labels.  This breaks all administrative functionality in mailman.

restorecon gives:

[root@terminus mailman]# restorecon -v -R .
restorecon reset /run/lock/mailman context system_u:object_r:var_run_t:s0->system_u:object_r:mailman_lock_t:s0
restorecon reset /run/lock/mailman/master-qrunner.terminus.zytor.com.2223 context system_u:object_r:mailman_var_run_t:s0->

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.10.0-169.fc17.noarch
mailman-2.1.14-13.fc17.x86_64

How reproducible:
Happens after every reboot, since /var/lock is part of /run

Steps to Reproduce:
1. Reboot system
2. Check labels on /var/lock/mailman
3.

Actual results:


Expected results:


Additional info:
Comment 1 H. Peter Anvin 2013-06-06 17:18:52 EDT
Actually complete paste:

[root@terminus mailman]# restorecon -v -R .
restorecon reset /run/lock/mailman context system_u:object_r:var_run_t:s0->system_u:object_r:mailman_lock_t:s0
restorecon reset /run/lock/mailman/master-qrunner.terminus.zytor.com.2223 context system_u:object_r:mailman_var_run_t:s0->system_u:object_r:mailman_lock_t:s0
Comment 2 Daniel Walsh 2013-06-07 13:47:20 EDT
bc0348c466a92d42aa72658f3ea93013aaa43201 fixes this in git.
Comment 3 Jan Kaluža 2013-06-10 06:48:37 EDT
I'm little bit confused now. Daniel, in which git repository the fix is?
Comment 4 Miroslav Grepl 2013-06-10 07:44:22 EDT
git://git.fedorahosted.org/selinux-policy.git

back ported to F18.
Comment 5 H. Peter Anvin, Intel 2013-06-13 14:22:32 EDT
We need this on F17 too...
Comment 6 Miroslav Grepl 2013-06-14 01:45:02 EDT
Back ported.

commit bf2f597e0b69189de0ba3ac0af05d79ad29305d7
Author: Miroslav Grepl <mgrepl@redhat.com>
Date:   Fri Jun 14 07:44:46 2013 +0200

     Fix labeling of mailman
Comment 7 H. Peter Anvin 2013-06-19 17:18:06 EDT
Is there a koji build for this for F17 by any chance?
Comment 8 Fedora Update System 2013-06-27 09:35:19 EDT
selinux-policy-3.11.1-98.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-98.fc18
Comment 9 Fedora Update System 2013-06-28 02:09:22 EDT
Package selinux-policy-3.11.1-98.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-98.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-11859/selinux-policy-3.11.1-98.fc18
then log in and leave karma (feedback).
Comment 10 H. Peter Anvin 2013-07-08 15:07:21 EDT
To repeat:

Is there a build for this for F17 by any chance?  (Before 17 disappears?)
Comment 11 Miroslav Grepl 2013-07-08 16:40:35 EDT
Yes, I am working on the latest F17 fixes and the fix for this bug is coming with these fixes.
Comment 12 Fedora Update System 2013-07-24 20:39:11 EDT
selinux-policy-3.11.1-98.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.