Please fix for plesk wrong selinux data

[105547111]

Can the developers fix the bad selinux data they have added for qmail please:

/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /var/qmail/queue(/.*)?
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /var/qmail/control(/.*)?
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /var/qmail/bin/tcp-env
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /var/qmail/bin/qmail-smtpd

 

[IgorG]

Could you please provide more details how it can be reproduced? And what is the output of 'getenforce' command?

 

[105547111]

Hi IgorG,

Thanks so much for the reply.

Everytime I update selinux-policy-targeted its complaining about multiple specifications on 4 qmail files (I use postfix and there is no qmail on the system).

I need to remove these from policy. Its being added in the psa-selinux package.

Its always happening and I filled a bug in fedora, and the cause is not in fedora but the psa package.

Multiple different
specifications for /var/qmail/queue(/.*)?

Multiple different
specifications for /var/qmail/control(/.*)?

Multiple different
specifications for /var/qmail/bin/tcp-env

Multiple different
specifications for /var/qmail/bin/qmail-smtpd

See these are not even in my system:

[root@server ~]# ls -la /var/qmail
total 24
drwxr-xr-x. 6 root root 4096 2009-12-27 18:02 .
drwxr-xr-x. 29 root root 4096 2009-12-27 16:28 ..
drwxr-xr-x. 30 root root 4096 2009-12-30 11:15 mailnames
drwxr-xr-x. 2 popuser popuser 4096 2009-12-30 11:03 popuser
drwxr-xr-x. 2 root root 4096 2009-10-25 02:50 .pyzor
drwxr-xr-x. 2 root root 4096 2010-01-21 02:50 .razor
[root@server ~]#


The attached file is out of the yum update

If you can see I am not alone:

http://forum.parallels.com/pda/index.php/t-79198.html

I just would like to fix it, as it causes hassles everytime policy gets updated.

Thanks!

 

[IgorG]

I have forwarded this information to development team for the further investigation. I will update this thread as soon as I receive any useful information.

 

[gwnet]

Update

I would like to know what the status on this is since I have a new server and am getting the exact same errors.

 

[IgorG]

This issue still under developer's investigation. I will update thread with results as soon as I receive it.

 

[fogelf]

I'll try to explain warnings. Sorry, if many tech. terms.

Need special selinux contexts for plesk correct working. Especcialy it affected mail system.
Native system package selinux-policy-targeted contains definition for qmail (check file /usr/share/selinux/targeted/qmail.pp.bz2), but context is not correct, so psa-selinux installs properly context.
If U will update system package selinux-policy-targeted during postinstall stage it tries to apply default qmail context (and many other), but such context is already exists (semodule -l | grep plesk). So there is policy conflict and selinux-policy-targeted skip qmail context installation, note all another policy are installed well.


[root@a10-52-42-34 targeted]# semodule -i qmail.pp.bz2 -s targeted
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/qmail/queue(/.*)? (system_ubject_r:qmail_spool_t:s0 and system_ubject_r:mail_spool_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/qmail/control(/.*)? (system_ubject_r:qmail_etc_t:s0 and system_ubject_r:etc_mail_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/qmail/bin/tcp-env (system_ubject_r:qmail_tcp_env_exec_t:s0 and system_ubject_r:sendmail_exec_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/qmail/bin/qmail-smtpd (system_ubject_r:qmail_smtpd_exec_t:s0 and system_ubject_r:sendmail_exec_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument
libsemanage.semanage_install_active: setfiles returned error code 1.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/qmail/queue(/.*)? (system_ubject_r:qmail_spool_t:s0 and system_ubject_r:mail_spool_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/qmail/control(/.*)? (system_ubject_r:qmail_etc_t:s0 and system_ubject_r:etc_mail_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/qmail/bin/tcp-env (system_ubject_r:qmail_tcp_env_exec_t:s0 and system_ubject_r:sendmail_exec_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /var/qmail/bin/qmail-smtpd (system_ubject_r:qmail_smtpd_exec_t:s0 and system_ubject_r:sendmail_exec_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Invalid argument
libsemanage.semanage_install_active: setfiles returned error code 1.
semodule: Failed!
[root@a10-52-42-34 targeted]# echo $?
1
[root@a10-52-42-34 targeted]#

[root@a10-52-42-34 targeted]# semodule -l | egrep "plesk|qmail"
plesk 9.5.4 <<< incrrorect policy are not applied
[root@a10-52-42-34 targeted]#

So warnings just show that properly plesk-selinux contexts are not rewriten.