467291 – sectool reports false positives

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 467291 - sectool reports false positives

Summary: sectool reports false positives

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sectool
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Peter Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F10Target
TreeView+	depends on / blocked

Reported:	2008-10-16 17:47 UTC by Dominick Grift
Modified:	2008-10-27 12:55 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-10-27 12:55:13 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
sectool results (794.11 KB, text/plain) 2008-10-16 17:47 UTC, Dominick Grift	no flags	Details
View All

Description Dominick Grift 2008-10-16 17:47:17 UTC

Created attachment 320586 [details]
sectool results

Description of problem:
sectool-gui filesystem check reports false positives for selinux-contexts

Version-Release number of selected component (if applicable):
sectool-gui-0.9.0-1.fc10.x86_64
sectool-0.9.0-1.fc10.x86_64

How reproducible:
Run the tests (level 5). Look into the filesystem report for /etc/localtime.
sectool reports that this location should have type etc_t, however matchpatchcon /etc/localtime reports that it should be locale_t.

Another example:

Warning(10)   Mislabeled directory '/usr/share/hplip/installer' found. Labeled as 'system_u:object_r:usr_t', should be 'system_u:object_r:bin_t

sh-3.2# matchpathcon /usr/share/hplip/installer
/usr/share/hplip/installer      system_u:object_r:usr_t

Comment 1 Peter Vrabec 2008-10-21 14:31:37 UTC

Could you try to reproduce the problem with the latest git version, please. 

We can't reproduce it, but I hope it have been already fixed.

What is your?
$ stat -Z /etc/localtime

Comment 2 Dominick Grift 2008-10-21 14:53:25 UTC

I dont think i would mind trying to reproduce the issue using the latest git version but i dont know the address. Could you not just point me to a source rpm somewhere instead?

  File: `/etc/localtime'
  Size: 2917      	Blocks: 8          IO Block: 4096   regular file
Device: fd01h/64769d	Inode: 737348      Links: 1     Device type: 0,0
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
   S_Context: system_u:object_r:locale_t
Access: 2008-10-21 16:48:50.000000000 +0200
Modify: 2008-09-30 17:59:09.000000000 +0200
Change: 2008-09-30 17:59:09.000000000 +0200

Comment 3 Peter Vrabec 2008-10-21 15:09:15 UTC

here we go:
http://people.redhat.com/pvrabec/rpms/sectool-0.9.0-2.src.rpm

Comment 4 Dominick Grift 2008-10-21 15:44:09 UTC

Works fine now in:

sectool-gui-0.9.0-2.x86_64
sectool-0.9.0-2.x86_64

thanks

Note You need to log in before you can comment on or make changes to this bug.