Re: I am concerned about putting genhomedircon changes in libsemanage into Fedora 8.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>, SE Linux <selinux@tycho.nsa.gov>
Subject: Re: I am concerned about putting genhomedircon changes in libsemanage into Fedora 8.
Date: Wed, 26 Sep 2007 10:01:03 -0400	[thread overview]
Message-ID: <46FA661F.1080703@redhat.com> (raw)
In-Reply-To: <46CED283.8060804@redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel J Walsh wrote:
> I may hold off on this so we can get a full Rawhide cycle on it.
> genhomedircon has many corner cases and do not want to risk blowing F-8
> now that we are at Feature Freeze.
> All the rest of the patches have been integrated.

- --
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

The genhomedircon replacement is broken in libsemanage.  It is
generating invalid file context.  The python version verified the
file context it was creating were valid before assiging them.  This is
resulting in Fedora Core 8 not being able to autorelabel

 /sbin/fixfiles restore
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 26
has invalid context user_u:object_r:user_gconf_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 51
has invalid context user_u:object_r:user_gconf_tmp_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 60
has invalid context mytuser_u:object_r:mytuser_gnome_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 63
has invalid context mytuser_u:object_r:httpd_mytuser_content_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 64
has invalid context mytuser_u:object_r:mytuser_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 65
has invalid context mytuser_u:object_r:mytuser_uml_rw_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 66
has invalid context mytuser_u:object_r:mytuser_mozilla_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 67
has invalid context mytuser_u:object_r:mytuser_xauth_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:  line 68
has invalid context mytuser_u:object_r:mytuser_fonts_t:s0
Exiting after 10 errors.

mytuser does not execute the mozilla_per_role_template to these types
are not valid.  genhomedircon is only supposed to generate valid context.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG+mYfrlYvE4MpobMRApsVAJ0QZKye8RZl+5To2e+5Y/XRx4CO/gCgxi01
U7EXmMgIuDtsH81KGKKhpeI=
=pcqC
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2007-09-26 14:01 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-08-24 12:43 I am concerned about putting genhomedircon changes in libsemanage into Fedora 8 Daniel J Walsh
2007-09-26 14:01 ` Daniel J Walsh [this message]
2007-09-26 14:47   ` Joshua Brindle
2007-09-26 14:52     ` Stephen Smalley
2007-09-26 14:56       ` Stephen Smalley
2007-09-26 15:03     ` Karl MacMillan
2007-09-26 15:06     ` Daniel J Walsh
2007-09-26 15:10       ` Joshua Brindle
2007-09-26 15:19         ` Stephen Smalley
2007-09-26 15:20       ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=46FA661F.1080703@redhat.com \
    --to=dwalsh@redhat.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.