Bug 120279 - rpm checks selinux/file_contents when selinux is disabled
Summary: rpm checks selinux/file_contents when selinux is disabled
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
URL:
Whiteboard:
Duplicates: 120612 121226
Depends On:
Blocks: FC2Blocker
Reported: 2004-04-07 15:34 UTC by shmuel siegel
Modified: 2007-11-30 22:10 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-05-07 04:12:23 UTC
Type: ---
Embargoed:



Description shmuel siegel 2004-04-07 15:34:05 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040312

Description of problem:
I am running with SELINUX=disabled in /etc/sysconfig/selinux
ls -Z says that I need a Selinux kernel
getenforce says disabled

so far nothing strange. However when I run up2date and it actually does
something, (i.e., I have something to install) I get about a thousand
invalid context warnings from /etc/security/selinux/file_contexts. 

Typical messages are 
/etc/security/selinux/file_contexts:  invalid context
root:object_r:staff_home_xauth_t on line number 1750
/etc/security/selinux/file_contexts:  invalid context
system_u:object_r:default_context_t on line number 1751

On the fedora-test-list I was told

RPM is checking to see the contents of
/etc/security/selinux/file_context for
each file installed, and the kernel is telling rpm it has no idea what 
it is talking about and rpm is reporting this as an error (Warning
actually).  So RPM should be doing a check to is_selinux_enabled()
before trying to assign context.

Version-Release number of selected component (if applicable):
rpm-4.3.1-0.1

How reproducible:
Always

Steps to Reproduce:
1. Make sure that SELinux is disabled
2. Login as root
3. Run up2date when there is something to update
    

Actual Results:  up2date ran and installed the new packages but gave
about a thousand warning messages

Expected Results:  install packages without warning messages

Additional info:

I am using kernel-2.6.4-1.305 and policy-1.9.2-12
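
The guard suggested in the report above, sketched as an added example (not part of the original report and not rpm's own code): context validation is skipped entirely when SELinux is not enabled. `selinuxfs_registered()` is a simplified stand-in for libselinux's `is_selinux_enabled()`, and the `/proc/filesystems` test, `reject_all()`, `label_warnings()` and the sample inputs are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/filesystems format; the contexts are the two
 * quoted in the report above. */
static const char FS_DISABLED[] = "nodev\tsysfs\nnodev\tproc\n\text3\n";
static const char FS_ENABLED[] = "nodev\tsysfs\nnodev\tselinuxfs\n\text3\n";
static const char *const CONTEXTS[] = {
    "root:object_r:staff_home_xauth_t", "system_u:object_r:default_context_t" };

/* Stand-in for is_selinux_enabled() (assumption): return 1 if the text lists
 * a filesystem named exactly "selinuxfs", else 0. */
int selinuxfs_registered(const char *fs_text)
{
    for (const char *line = fs_text; line && *line; ) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        const char *name = line;   /* name follows the last tab on the line */
        for (size_t i = 0; i < len; i++)
            if (line[i] == '\t') name = line + i + 1;
        if (len - (size_t)(name - line) == 9 && memcmp(name, "selinuxfs", 9) == 0)
            return 1;
        line = end ? end + 1 : NULL;
    }
    return 0;
}

/* Hypothetical validator: models a kernel with no policy loaded, which
 * rejects every context it is asked about. */
int reject_all(const char *context) { (void)context; return -1; }

/* Count "invalid context" warnings. With SELinux disabled the validator is
 * never called, so installing packages produces no warnings. */
size_t label_warnings(int enabled, const char *const *contexts, size_t n,
                      int (*validate)(const char *))
{
    size_t warnings = 0;
    if (!enabled)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (validate(contexts[i]) != 0) {
            fprintf(stderr, "invalid context %s\n", contexts[i]);
            warnings++;
        }
    return warnings;
}

int main(void)
{
    int off = selinuxfs_registered(FS_DISABLED), on = selinuxfs_registered(FS_ENABLED);
    printf("guarded=%zu unguarded=%zu enabled_sample=%d\n",
           label_warnings(off, CONTEXTS, 2, reject_all),
           label_warnings(1, CONTEXTS, 2, reject_all), on);
    return 0;
}
```

The unguarded call (enabled forced to 1 against a validator that rejects everything) reproduces the flood of warnings described in the report; the guarded call returns zero.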

Comment 1 Captain 2004-04-26 18:36:40 UTC
"same here" on FC2test3 (didn't have this scenario on FC2test2)

kernel 2.6.5-1.327
policy policy-1.11.2-13
rpm-4.3.1-0.3

Comment 2 Phil Schaffner 2004-04-27 14:19:12 UTC
Similar problems with "yum upgrade" - lots of selinux errors.  (OT -
yum insists on "updating" compat-db which does not appear to have been
installed originally and installs several compat packages to satisfy
dependencies:
# yum upgrade
... grabs lots of headers ...
Finding obsoleted packages
Resolving dependencies
..Dependencies resolved
I will do the following:
[update: compat-db 4.1.25-2.1.i386]
I will install/upgrade these to satisfy the dependencies:
[deps: compat-libstdc++-devel 7.3-2.96.126.i386]
[deps: compat-gcc 7.3-2.96.126.i386]
[deps: compat-gcc-c++ 7.3-2.96.126.i386]
[deps: compat-libstdc++ 7.3-2.96.126.i386]
Is this ok [y/N]: y
/OT)

This is where the selinux errors appear...


Comment 3 Scott Sloan 2004-04-28 03:42:48 UTC
rpm -e policy 

will shut rpm up pretty much. 

Comment 4 Scott Sloan 2004-04-28 03:57:36 UTC
Discussed in #fedora-devel

(22:57:24) jeremy: devscott: simple workaround is to put
%__file_context_path %{nil} in /etc/rpm/macros


This works too!

Comment 5 Gerald Teschl 2004-05-02 09:51:29 UTC
Same here. Pretty annoying, in particular since selinux is off
by default!

Does one need the macro in case one turns selinux on?

Comment 6 Gerald Teschl 2004-05-02 09:57:34 UTC
*** Bug 120612 has been marked as a duplicate of this bug. ***

Comment 7 Gerald Teschl 2004-05-02 09:58:20 UTC
*** Bug 121226 has been marked as a duplicate of this bug. ***

Comment 8 Jeremy Katz 2004-05-07 04:12:23 UTC
Should be better with current SysVinit + kernel.

