Bug 971593 - /var/lock/mailman created with wrong permissions on every boot
Summary: /var/lock/mailman created with wrong permissions on every boot
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 18
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-06 21:17 UTC by H. Peter Anvin
Modified: 2013-07-25 00:39 UTC (History)
5 users (show)

Fixed In Version: selinux-policy-3.11.1-98.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-07-25 00:39:11 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description H. Peter Anvin 2013-06-06 21:17:44 UTC 
Description of problem:
After reboot, /var/lock/mailman gets created with the wrong labels.  This breaks all administrative functionality in mailman.

restorecon gives:

[root@terminus mailman]# restorecon -v -R .
restorecon reset /run/lock/mailman context system_u:object_r:var_run_t:s0->system_u:object_r:mailman_lock_t:s0
restorecon reset /run/lock/mailman/master-qrunner.terminus.zytor.com.2223 context system_u:object_r:mailman_var_run_t:s0->

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.10.0-169.fc17.noarch
mailman-2.1.14-13.fc17.x86_64

How reproducible:
Happens after every reboot, since /var/lock is part of /run

Steps to Reproduce:
1. Reboot system
2. Check labels on /var/lock/mailman
3.

Actual results:


Expected results:


Additional info:
Comment 1 H. Peter Anvin 2013-06-06 21:18:52 UTC 
Actually complete paste:

[root@terminus mailman]# restorecon -v -R .
restorecon reset /run/lock/mailman context system_u:object_r:var_run_t:s0->system_u:object_r:mailman_lock_t:s0
restorecon reset /run/lock/mailman/master-qrunner.terminus.zytor.com.2223 context system_u:object_r:mailman_var_run_t:s0->system_u:object_r:mailman_lock_t:s0
Comment 2 Daniel Walsh 2013-06-07 17:47:20 UTC 
bc0348c466a92d42aa72658f3ea93013aaa43201 fixes this in git.
Comment 3 Jan Kaluža 2013-06-10 10:48:37 UTC 
I'm little bit confused now. Daniel, in which git repository the fix is?
Comment 4 Miroslav Grepl 2013-06-10 11:44:22 UTC 
git://git.fedorahosted.org/selinux-policy.git

back ported to F18.
Comment 5 H. Peter Anvin, Intel 2013-06-13 18:22:32 UTC 
We need this on F17 too...
Comment 6 Miroslav Grepl 2013-06-14 05:45:02 UTC 
Back ported.

commit bf2f597e0b69189de0ba3ac0af05d79ad29305d7
Author: Miroslav Grepl <mgrepl>
Date:   Fri Jun 14 07:44:46 2013 +0200

     Fix labeling of mailman
Comment 7 H. Peter Anvin 2013-06-19 21:18:06 UTC 
Is there a koji build for this for F17 by any chance?
Comment 8 Fedora Update System 2013-06-27 13:35:19 UTC 
selinux-policy-3.11.1-98.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-98.fc18
Comment 9 Fedora Update System 2013-06-28 06:09:22 UTC 
Package selinux-policy-3.11.1-98.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-98.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-11859/selinux-policy-3.11.1-98.fc18
then log in and leave karma (feedback).
Comment 10 H. Peter Anvin 2013-07-08 19:07:21 UTC 
To repeat:

Is there a build for this for F17 by any chance?  (Before 17 disappears?)
Comment 11 Miroslav Grepl 2013-07-08 20:40:35 UTC 
Yes, I am working on the latest F17 fixes and the fix for this bug is coming with these fixes.
Comment 12 Fedora Update System 2013-07-25 00:39:11 UTC 
selinux-policy-3.11.1-98.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.