Red Hat Bugzilla – Full Text Bug Listing
|Summary:||with SELinux enabled, 1.541 becomes unstable after attempting to write to a reiser partition|
|Product:||[Fedora] Fedora||Reporter:||Daniel Reed <djr>|
|Component:||anaconda||Assignee:||Jeremy Katz <katzj>|
|Status:||CLOSED RAWHIDE||QA Contact:||Mike McLean <mikem>|
|Version:||rawhide||CC:||dwalsh, rcoker, sds, wtogami|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2004-10-14 09:35:40 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Daniel Reed 2004-09-29 13:27:50 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040923 Description of problem: From rawhide-20040927 as well as FC3t2 (both using the same kernel 1.541), I can mount /dev/hda2 (reiser), navigate the fs, cat files, etc., but, if I try to write to a file or create a ne wone, the process attempting the write becomes unkillably frozen. Subsequent syncs immediately, unkillably freeze. Attempts to umount fail. Attempts to reboot silently fail. If I login on another tty, I get to the "Last login: ..." line, then my cursor remains blinking on the next line forever. There is no Oops or other kernel output on the console, and nothing shows up in dmesg. At this point, all I can do is power cycle. If I boot into a kernel that does not experience this problem, I can read and write to the partition without problems. Changes I make to the partition do show up when I reboot into FC, but as soon as I try to make changes in FC, everything freezes again. If I boot into 1.541 with the argument "selinux=0", I am able to write to /dev/hda2 normally. Version-Release number of selected component (if applicable): kernel-2.6.8-1.541 Expected Results: If this is an unknown and/or easily-solvable issue with SELinux and reiser, I would prefer if the issue could be solved. Barring that, I would prefer if the kernel either disabled the affected parts of SELinux on reiser partitions, or did not allow reiser partitions to be mounted rw when SELinux is enabled.
Comment 1 Arjan van de Ven 2004-09-29 13:30:09 EDT
don't use reiserfs like this. realistically we're not going to be fixing reiserfs so marking this bug as WONTFIX.
Comment 2 Daniel Reed 2004-09-29 13:44:33 EDT
I am not using reiserfs in a strange way; I am simply mounting it and attempting to use it on a system that happens to have SELinux enabled. Our installer allowed me to choose to mount /dev/hda2 rw as type reiser, I did not go behind its back. The kernel allowed /dev/hda2 to mount rw out of the box, I did not need to customize any module loading scripts or install any extra packages. This is a robustness issue and must be addressed, preferably in one of the three ways above (correct rw operation, disable SELinux on mount, or prevent reiser partitions from being mounted rw when SELinux is enabled). A fourth way of addressing it might be to remove the reiser driver from the distribution, which would be unfortunate for users who would otherwise choose to use reiser and simply disable SELinux. A fifth way of addressing it might be to cause our installer to not offer to mount reiser partitions, which would also be unfortunate for users who value reiser over SELinux. Either way, there will be users who value reiser and, as long as we allow its use, we can not make it easy to destabilize the kernel through normal use of its features (reiser and SELinux).
Comment 3 Colin Walters 2004-09-29 13:48:45 EDT
We aren't distributing those broken patches to add xattr support to reiserfs are we? Did they get upstreamed?
Comment 4 Arjan van de Ven 2004-09-29 13:50:52 EDT
we aren't touching reiserfs at all. btw you missed a 4th way, the most likely way: disable reiserfs.
Comment 5 Daniel Reed 2004-09-29 13:58:31 EDT
If either the fourth or fifth way of addressing this problem is determined to be the only practical solution, please go ahead with it. We should not ship a distribution in this state. Users (which class would include me before this morning) need to be educated to not use reiser and SELinux at the same time, or they need to be prevented from doing it, but they can not be allowed to cause filesystem inconsistency or kernel instability through the normal actions of enabling SELinux, using reiser, and attempting to write to a data partition. Please do not re-close this bug until one of the five methods of addressing this kernel issue has been decided upon and implemented.
Comment 6 Arjan van de Ven 2004-09-29 14:00:53 EDT
well anaconda doesn't offer you to create a reiserfs partition. the kernel does not have the task to prevent the sysadmin from shooting himself in his foot.
Comment 7 Moritz Baumann 2004-10-06 05:14:50 EDT
Just me asking (because i didn't try it). But if i choose linux reiserfs at the install point anaconda will/? provide me with reiserfs as option (at least the same thing happened when i installed FC3T2 on lvm/xfs).
Comment 8 Stephen Smalley 2004-10-06 13:36:06 EDT
Created attachment 104848 [details] Use genfscon to map reiserfs to nfs_t rather than calling xattr handlers Allow use of reiserfs under SELinux, mapping all inodes to a single type, rather than trying to call the xattr security handlers in the reiserfs code that produce deadlock. nfs_t used as the type at Russell's suggestion, since policy already allows access for NFS home directories.
Comment 9 Elliot Lee 2004-10-13 16:02:45 EDT
reiserfs is available only AS-IS and unsupported. If it breaks, you get to keep both pieces. Jeremy - It sounds like anaconda needs to be changed so that without the reiserfs option, it will refuse to upgrade an existing linux install on a reiserfs partition.
Comment 10 Stephen Smalley 2004-10-13 16:11:35 EDT
reiserfs/SELinux deadlock shouldn't be occuring anymore due to policy change to tell SELinux to not invoke the reiserfs xattr handlers at all. Is it still occurring? SELinux should just be mapping all reiserfs inodes to nfs_t at this point. As an side, recently restarted dialogue with Jeff Mahoney of SuSE about getting the reiserfs xattr support fixed so that it will work with SELinux, but don't know what they will be done.
Comment 11 Stephen Smalley 2004-10-13 16:19:22 EDT
Looks like policy fix went into 1.17.28-2 on Oct 6th. FC3T3 had an older revision that lacked the change, so expect reiserfs to still deadlock there. But in FC3 final, it shouldn't be an issue.
Comment 12 Jeremy Katz 2004-10-14 09:35:40 EDT
The newer policy package should fix this.