Bug 609173

Summary: Conflicting files reported during auto relabel
Product: Red Hat Enterprise Linux 6 Reporter: David Kutálek <dkutalek>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: mgrepl, mmalik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.7.19-29.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-10 21:35:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Kutálek 2010-06-29 15:02:05 UTC 
Description of problem:

During autorelabel of my filesystem (using touch /.autorelabel ; reboot), some conflicted files (or policies for files) were reported. Unfortunately I cannot find precise log in /var/log anywhere, but it was about these two files:

[root@timothy dkutalek]# ls -lZ /usr/lib/debug/usr/libexec/getconf/*
-r--r--r--. root root system_u:object_r:bin_t:s0       /usr/lib/debug/usr/libexec/getconf/POSIX_V6_LP64_OFF64.debug
-r--r--r--. root root system_u:object_r:bin_t:s0       /usr/lib/debug/usr/libexec/getconf/POSIX_V7_LP64_OFF64.debug

Probably one more file like 'default.debug' from the same directory was mentioned, but is not present on my filesystem now.
---

Version-Release number of selected component (if applicable):

selinux-policy-3.7.19-27.el6.noarch
glibc-debuginfo-2.12-1.3.el6.x86_64

How reproducible:

Don't know, happened during autorelabeling of my filesystem.
Not tried it again so far. Can do that if needed.

Steps to Reproduce:
1. Try to autorelabel filesystem, having above mentioned packages installed.
  
Actual results:

Some error messages.

Expected results:

No error messages.

Additional info:
Comment 1 RHEL Program Management 2010-06-29 15:03:14 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 2 Daniel Walsh 2010-06-29 15:38:01 UTC 
Are these files hard links to some other directory?

ls -l /usr/lib/debug/usr/libexec/getconf/POSIX_V7_LP64_OFF64.debug
Comment 3 David Kutálek 2010-06-29 16:23:08 UTC 
Yes, these three files are hardlinked together:

[root@timothy ~]# find / -inum 936231
/usr/lib/debug/usr/bin/getconf.debug
/usr/lib/debug/usr/libexec/getconf/POSIX_V7_LP64_OFF64.debug
/usr/lib/debug/usr/libexec/getconf/POSIX_V6_LP64_OFF64.debug

So the first one is probably that third file mentioned in my first comment as 'default.debug' - probably badly remembered.

David
Comment 4 Miroslav Grepl 2010-06-30 06:20:57 UTC 
David,
could you try to execute

# semanage fcontext -a -e /usr/lib/debug/usr/bin /usr/lib/debug/usr/libexec
# restorecon -R -v /usr/lib/debug/usr/libexec
# fixfiles check
Comment 5 David Kutálek 2010-06-30 12:12:17 UTC 
(In reply to comment #4)

[root@timothy dkutalek]# semanage fcontext -a -e /usr/lib/debug/usr/bin /usr/lib/debug/usr/libexec
[root@timothy dkutalek]# restorecon -R -v /usr/lib/debug/usr/libexec
restorecon reset /usr/lib/debug/usr/libexec context system_u:object_r:lib_t:s0->system_u:object_r:bin_t:s0
restorecon reset /usr/lib/debug/usr/libexec/perf.2.6.32-37.el6.x86_64.debug context system_u:object_r:lib_t:s0->system_u:object_r:bin_t:s0
restorecon reset /usr/lib/debug/usr/libexec/getconf context system_u:object_r:lib_t:s0->system_u:object_r:bin_t:s0
restorecon reset /usr/lib/debug/usr/libexec/qemu-kvm.debug context system_u:object_r:lib_t:s0->system_u:object_r:bin_t:s0
[root@timothy dkutalek]# fixfiles check
/sbin/setfiles reset /dev/tty2 context unconfined_u:object_r:user_tty_device_t:s0->system_u:object_r:tty_device_t:s0
[root@timothy dkutalek]# 

This can be perhaps also useful:

[root@timothy dkutalek]# rpm -qf /usr/lib/debug/usr/bin/getconf.debug
glibc-debuginfo-2.12-1.3.el6.x86_64
Comment 6 Miroslav Grepl 2010-06-30 12:24:56 UTC 
Thanks. I am seeing the same issue. The problem are hard links. I am fixing the label.
Comment 7 Miroslav Grepl 2010-06-30 13:12:00 UTC 
Fixed in selinux-policy-3.7.19-29.el6
Comment 11 releng-rhel@redhat.com 2010-11-10 21:35:00 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.