| Summary: | selinux tries to mmap zero length file | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Roman Bednář <rbednar> | ||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.2 | CC: | lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-09-16 13:21:38 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
Already known as BZ#1372200. While it's already fixed in selinux-policy-3.13.1-97.el7.noarch, you need to remove /etc/selinux/targeted/contexts/files/file_contexts.local.bin file if updated from an older version. And since we generally doesn't support upgrade from beta to final release, we won't provide any automatic fix for this issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1374451#c5 *** This bug has been marked as a duplicate of bug 1372200 *** |
Created attachment 1201638 [details] debug log Selinux does not prevent mapping zero length files, causing errors in lvm commands output. This might not affect just lvm and it does not seems to affect functionality at all. The reproducer here might be a bit odd but I was not able to find another reliable one so far. Reproducer: 1) install latest RHEL7 2) do not make any local fcontext changes 3) discover and login to ISCSI target 4) create partition on it as shown below 5) use the disk to create vg 6) observe 'mmap: Invalid argument' errors in lvm commands output # fdisk -l /dev/sda Disk /dev/sda: 1024 MB, 1024000000 bytes, 2000000 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 4194304 bytes Disk label type: dos Disk identifier: 0x78053651 Device Boot Start End Blocks Id System /dev/sda1 8192 1999999 995904 83 Linux # lsblk -S NAME HCTL TYPE VENDOR MODEL REV TRAN sda 2:0:0:0 disk LIO-ORG FILEIO 4.0 iscsi # getenforce Permissive # vgcreate vg /dev/sda1 mmap: Invalid argument Volume group "vg" successfully created # lvs mmap: Invalid argument LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root rhel_virt-148 -wi-ao---- 6.74g swap rhel_virt-148 -wi-ao---- 828.00m This is most likely caused by selinux trying to mmap files that are of zero length at this point. Those files should be: /etc/selinux/targeted/contexts/files/file_contexts.local /etc/selinux/targeted/contexts/files/file_contexts.local.bin See attachment for debug log. Additional info: When any file context is changed on the system, those files get populated and errors are gone (same as with selinux disabled). Packages: 3.10.0-501.el7.x86_64 libselinux-python-2.5-6.el7.x86_64 selinux-policy-3.13.1-96.el7.noarch libselinux-2.5-6.el7.x86_64 libselinux-utils-2.5-6.el7.x86_64 selinux-policy-devel-3.13.1-96.el7.noarch selinux-policy-targeted-3.13.1-96.el7.noarch lvm2-2.02.165-1.el7 lvm2-libs-2.02.165-1.el7 lvm2-cluster-2.02.165-1.el7 device-mapper-1.02.134-1.el7 device-mapper-libs-1.02.134-1.el7 device-mapper-event-1.02.134-1.el7 device-mapper-event-libs-1.02.134-1.el7 device-mapper-persistent-data-0.6.3-1.el7 cmirror-2.02.165-1.el7