[DSE-Dev] Bug#740656: marked as done (selinux-policy-default: missing fcontext rule for /etc/init.d/ntp)

[Debian Bug Tracking System]

Your message dated Sat, 15 Mar 2014 09:20:13 +0000
with message-id <e1woklj-0001wm...@franck.debian.org>
and subject line Bug#740656: fixed in refpolicy 2:2.20140311-1
has caused the Debian Bug report #740656,
regarding selinux-policy-default: missing fcontext rule for /etc/init.d/ntp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
740656: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740656
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: selinux-policy-default
Version: 2:2.20140206-1
Severity: normal

The init script for ntpd in Debian is named /etc/init.d/ntp.  The fcontext
module for ntpd (modules/contrib/ntp.fc) expects it to be named
/etc/(rc.d/)init.d/ntpd instead (that is, with a trailing 'd').  As a result
ntpd runs under the wrong label and generates lots of spurious AVC messages.

I think the cure is as simple as adding

/etc/rc\.d/init\.d/ntp --      
gen_context(system_u:object_r:ntpd_initrc_exec_t,s0)

right after the existing 

/etc/rc\.d/init\.d/ntpd --      
gen_context(system_u:object_r:ntpd_initrc_exec_t,s0)

in ntp.fc.  (Or you could change "ntpd" to "ntpd?" on the existing line,
making that regex match both possible names, but that might not be
understood as easily.)

zw

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (501, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: refpolicy
Source-Version: 2:2.20140311-1

We believe that the bug you reported is fixed in the latest version of
refpolicy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 740...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville <bi...@debian.org> (supplier of updated refpolicy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 15 Mar 2014 09:56:53 +0100
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src 
selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20140311-1
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Laurent Bigonville <bi...@debian.org>
Description: 
 selinux-policy-default - Strict and Targeted variants of the SELinux policy
 selinux-policy-dev - Headers from the SELinux reference policy for building 
modules
 selinux-policy-doc - Documentation for the SELinux reference policy
 selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
 selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 739163 740656
Changes: 
 refpolicy (2:2.20140311-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
   * d/p/u/0001-Properly-label-git-shell-and-other-git-commands-for-.patch:
     Properly label git commands as bin_t and git-shell as shell_exec_t
   * d/p/u/0002-Label-usr-sbin-lightdm-as-xdm_exec_t.patch: Properly label
     lightdm executable as xdm_exec_t (Closes: #739163)
   * d/p/u/0003-Add-several-fcontext-for-debian-specific-paths-for-n.patch:
     Properly label ntp initscript and other ntp related files (Closes: #740656)
Checksums-Sha1: 
 a1876df10cf3c6646c60ee44147e1a1f7666b66d 2011 refpolicy_2.20140311-1.dsc
 c8c048aca9fb964c94e75835ec18315d69030ce3 664416 
refpolicy_2.20140311.orig.tar.bz2
 46bb3d302ebbe4998e4acb698f6c0890e95062d3 43864 
refpolicy_2.20140311-1.debian.tar.xz
 d1affc7b889ec429c9c48f6e8b4c8433cd65b11b 2864834 
selinux-policy-default_2.20140311-1_all.deb
 dd49bb307ec60161b16b95009b8bcde0c745206d 2909868 
selinux-policy-mls_2.20140311-1_all.deb
 3563f4a3bf2e2a70d8ea2cf04daa0aedaded52ff 1190080 
selinux-policy-src_2.20140311-1_all.deb
 7a5041ac1ca4a7c9f87dbbf93f8c161cc34a8d98 429550 
selinux-policy-dev_2.20140311-1_all.deb
 4e7fca0990cb8ed871f13e63c3112e929fc324f6 407396 
selinux-policy-doc_2.20140311-1_all.deb
Checksums-Sha256: 
 e145c9d8c1b59db1c312ecb2214a005d50b8b495cb8372d5044dfc69e621cf93 2011 
refpolicy_2.20140311-1.dsc
 f69437db95548c78a5dec44c236397146b144153149009ea554d2e536e5436f7 664416 
refpolicy_2.20140311.orig.tar.bz2
 f4243250f9d1650f825e596e5f7d834e8a605de6f7c6eb0d9182f8d14b1999f1 43864 
refpolicy_2.20140311-1.debian.tar.xz
 11fa55ec5567bb5670634ad42930610196761cc8ffacded533599207bebcebbe 2864834 
selinux-policy-default_2.20140311-1_all.deb
 1c5cc7704e25af1045ea024bee44c3596e8389c1f1ec9992005cbf3653bcc82b 2909868 
selinux-policy-mls_2.20140311-1_all.deb
 1b6b812d01d8850c01359e7bcaa713f104ea844b686b6731ec3c0b12cbd7e025 1190080 
selinux-policy-src_2.20140311-1_all.deb
 b11da7b18cfcdf14007e2ab4240f0edad97aa7c89e104d90d18fb8519bb657b3 429550 
selinux-policy-dev_2.20140311-1_all.deb
 5dad926c4bcb43d4ee0ed29d61e85fcf29ea2296790353071adbe635c540488c 407396 
selinux-policy-doc_2.20140311-1_all.deb
Files: 
 8080ef0b434fa5542f3d94c86d2517d7 2011 admin optional refpolicy_2.20140311-1.dsc
 418f8d2a6ada3a299816153e70970449 664416 admin optional 
refpolicy_2.20140311.orig.tar.bz2
 1ec59c71ab1b4d533086346e9e5891b0 43864 admin optional 
refpolicy_2.20140311-1.debian.tar.xz
 35c0e65f9f15efd1b1a89868e55c33fe 2864834 admin optional 
selinux-policy-default_2.20140311-1_all.deb
 991b073ba54195fa3dc07a3486f05e5a 2909868 admin extra 
selinux-policy-mls_2.20140311-1_all.deb
 ea74c63b573b9697ad4ec718b2863648 1190080 admin optional 
selinux-policy-src_2.20140311-1_all.deb
 4de48b47083ea770fb60bebf0eaeaebe 429550 admin optional 
selinux-policy-dev_2.20140311-1_all.deb
 aeb33bbdc6a3ce00f7e46f9cb2d6ca1b 407396 doc optional 
selinux-policy-doc_2.20140311-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJTJBdOAAoJEB/FiR66sEPVje0H/2JXVtW31a3SZ/h7Zo91fnxl
+2WtEAnBBJb9SHPqD6zNy2gg1y2GYkc/rQDdEggqfH96qLtgVhfTb+D6fZsR5uNF
5m1rshpTmuXbgGrDNaz+SndQ56PFE1Aa1wgW8rMJznIc1ddWf1MHcBi57GqgrDB9
zSElYfs2CxnfKCoT5/N55Z/OMeGS56sloVV9eEkpRs9dDNdd+Eddz7BbK8AnwQ0n
SKX3DmChfHmfasv0b31N0UYFIasZUxKZ8aZISA9KS/gKFSSKRbk5PVLxtmgD9ZIv
5ZHwdNsPge0e9EeCrsOBLZPmNBxVQYFE4iFyrW7iDtyzGflFtsIF4AXYeSlAaeE=
=MOsO
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel