Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 159409

Summary: rpm --verify selinux-policy-targeted reports errors on dynamic files
Product: [Fedora] Fedora Reporter: Jonathan Kamens <jik>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: sundaram
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.23.18-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-04 23:47:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Jonathan Kamens 2005-06-02 14:29:16 UTC
When I run rpm --verify selinux-policy-targeted, it reports:

S.5....T    /etc/selinux/targeted/contexts/files/file_contexts.homedirs

When I examine this file, I see entries for libflashplayer.so, which makes me 
suspect that the file was updated somehow when I installed flash, and that 
this was a correct update.  The rpm --verify output doesn't make it clear that 
this file is allowed to be dynamically updated as a result of installs of 
subsequent packages.  Should it be listed with a "c" to show that it's a 
config file?

Comment 1 Zuirdj 2005-06-03 19:15:20 UTC
Maybe this is related.

When I browse a webpage with flash images, Firefox freeze. In /var/log messages:

localhost kernel: audit(1117814713.345:6): avc:  denied  { execmod } for 
pid=3252 comm="firefox-bin" name=libflashplayer.so dev=hda6 ino=327319
scontext=user_u:system_r:unconfined_t tcontext=user_u:object_r:default_t tclass=file

Comment 2 Daniel Walsh 2005-06-06 13:46:12 UTC
The first problem requires a fix in the spec file to make it config.  It will
show up in the next release.   The second problem is a labeling problem.  
selinux-policy-targeted-1.23.18-1

restorecon libflashplayer.so