Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-140884

newaliases creates /etc/aliases.lmdb with wrong context

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • selinux-policy-42.1.16-1.el10
    • No
    • Moderate
    • 1
    • rhel-security-selinux
    • 25
    • 1
    • QE ack
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • SELINUX 260218: 18
    • Hide

      The /etc/aliases.lmdb file is labeled correctly immediately after its creation.

      Show
      The /etc/aliases.lmdb file is labeled correctly immediately after its creation.
    • Pass
    • Automated
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      When executing newaliases command, the /etc/aliases.lmdb file is being created with wrong etc_t context, instead of etc_aliases_t:

      # matchpathcon /etc/aliases.lmdb
/etc/aliases.lmdb	system_u:object_r:etc_aliases_t:s0

# rm /etc/aliases.lmdb || true
# newaliases
# ls -Z /etc/aliases.lmdb
unconfined_u:object_r:etc_t:s0 /etc/aliases.lmdb

      The reason for this is missing the following rule in policy/modules/contrib/mta.if (mta_filetrans_named_content interface):

      mta_etc_filetrans_aliases($1, "aliases.lmdb")

      What is the impact of this issue to you?

      Need to fix the label using restorecon.

      Please provide the package NVR for which the bug is seen:

      selinux-policy-40.13.26-1.el10.noarch
      Fedora Rawhide as well

      How reproducible is this bug?:

      Always see above.

              rhn-support-zpytela Zdenek Pytela
              rhn-support-rmetrich Renaud Métrich
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated: