Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.4
Affects Version/s: rhel-9.3.0
Component/s: librepo
Labels:
None

Fixed in Build:
librepo-1.14.5-2.el9
Severity:
Major
Epic Link:
SWM-1123

Pool Team:

sst_cs_software_management
Sub-System Group:

ssg_core_services

Dev Target Milestone:
14
Internal Target Milestone:
16
Story Points:
None
ACKs Check:

QE ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes

Acceptance Criteria:

Hide

If librepo runs in insights_client_t SELinux domain and creates /run/user/0 directory, a SELinux context type of the directory will match default file context database (user_tmp_t).

Show
If librepo runs in insights_client_t SELinux domain and creates /run/user/0 directory, a SELinux context type of the directory will match default file context database (user_tmp_t).
Test Plan:
https://tcms.engineering.redhat.com/case/0615912/
Git Pull Request:
https://github.com/rpm-software-management/librepo/pull/290
Preliminary Testing:
Pass
Test Link:
https://pkgs.devel.redhat.com/cgit/tests/librepo/tree/Regression/RHEL-10720-Set-a-default-SELinux-label-on-run-user-0
Errata Link:
https://errata.devel.redhat.com/advisory/124957
Gating Tests:

Enabled
Test Coverage:

Automated

Release Note Type:
Bug Fix
Release Note Text:

Hide
.`systemd` now correctly manages the `/run/user/0` directory created by `librepo`

Previously, if the `librepo` functions were called from an Insights client before logging in root, the `/run/user/0` directory could be created with a wrong SELinux context type. This prevented `systemd` from cleaning the directory after you logged out from root.

With this update, the `librepo` package now sets a default creation type according to default file system labeling rules defined in a SELinux policy. As a result, `systemd` now correctly manages the `/run/user/0` directory created by `librepo`.

Show
.`systemd` now correctly manages the `/run/user/0` directory created by `librepo` Previously, if the `librepo` functions were called from an Insights client before logging in root, the `/run/user/0` directory could be created with a wrong SELinux context type. This prevented `systemd` from cleaning the directory after you logged out from root. With this update, the `librepo` package now sets a default creation type according to default file system labeling rules defined in a SELinux policy. As a result, `systemd` now correctly manages the `/run/user/0` directory created by `librepo`.
Release Note Status:
Done

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

librepo implements the same workaround for placing gpg-agent socket file under /run/user/$PID path as libdnf. Because we want libdnf to prefer a default SELinux label on the directory (~~RHEL-11238~~) we need librepo to do the same.

Affected package: librepo-1.14.5-1.el9.x86_64.

blocks

RHEL-11238 libdnf may create /run/user/0 directory, causing a bad context to be applied, leading to further issues

Closed

clones

RHEL-10720 Set a default SELinux label on /run/user/$PID

Closed

links to

RHBA-2023:124957 librepo update

mentioned on

Merge request - Set default SELinux labels on GnuPG directories

Assignee:: Petr Pisar

Reporter:: Petr Pisar

Developer:: packaging-team-maint

QA Contact:: Jan Blazek

Doc Contact:: Mariya Pershina

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2023/10/02 2:27 PM

Updated:: 2024/05/29 4:33 PM

Resolved:: 2024/04/30 10:54 AM

Dev Target end:: 2023/12/04

Target end:: 2023/12/18

Release Date:: 2024/04/30

Details

Description

Attachments

Issue Links

Activity

People

Dates