Bug 138561

Summary: Installing kernel package hard links files from other kernels, causes SELinux warnings
Product: [Fedora] Fedora Reporter: Jordan Russell <jr-redhatbugs2>
Component: kernelAssignee: Russell Coker <rcoker>
Status: CLOSED CANTFIX QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-10-03 01:21:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jordan Russell 2004-11-09 21:44:23 UTC
Description of problem:
When a new kernel package is installed, the rpm script calls an
undocumented utility by the name of "/usr/sbin/hardlink" that
evidently finds duplicate files in different paths and hard links them
together. I suppose the point of this is to save disk space.

This hard linking causes issues with SELinux. When I run "fixfiles
relabel" afterward messages like this get syslogged:

/usr/sbin/setfiles:  conflicting specifications for
/lib/modules/2.6.9-1.667/build/usr/Makefile and
/usr/src/linux-2.6.9x/usr/Makefile, using
system_u:object_r:modules_object_t.

Notice how it has hard linked a file in /lib/modules to a file in
/usr/src. SELinux can't handle this because the two paths use
different contents -- /lib/modules uses
"system_u:object_r:modules_object_t", while /usr/src uses
"system_u:object_r:src_t".
(See /etc/selinux/targeted/src/policy/file_contexts/file_contexts.)

Version-Release number of selected component (if applicable):
kernel-2.6.9-1.667

How reproducible:
Always

Steps to Reproduce:
1. Place a vanilla kernel in /usr/src/linux-2.6.9x and "make
bzImage/modules/modules_install/install" it from there.
2. Install kernel-2.6.9-1.667

Actual Results:  Files from /lib/modules/2.6.9-1.667 and
/usr/src/linux-2.6.9x are hard linked together.

Expected Results:  They should not be hard linked together. (Just get
rid of the "hardlink" call?)

Additional info:

Comment 1 Daniel Walsh 2005-04-19 15:59:34 UTC
What policy are you running?

Dan

Comment 2 Russell Coker 2005-04-20 04:46:05 UTC
This is not a bug in the policy, it's a bug in the kernel package.  Files 
under /usr/src should not be involved in any package install.  The fact 
that /usr/src may have files identical to files in kernel packages is not 
relevant to the package install process. 

Comment 4 Dave Jones 2005-07-15 19:18:10 UTC
An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.

Comment 5 Dave Jones 2005-10-03 01:21:51 UTC
This bug has been automatically closed as part of a mass update.
It had been in NEEDINFO state since July 2005.
If this bug still exists in current errata kernels, please reopen this bug.

There are a large number of inactive bugs in the database, and this is the only
way to purge them.

Thank you.