Bug 1386498

Summary: selinux_restorecon -r goes up the tree
Product: Red Hat Enterprise Linux 7 Reporter: Milos Malik <mmalik>
Component: libselinuxAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: dwalsh, lvrabec, mgrepl, mmalik, plautrba, ssekidde, vmojzis
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 17:43:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1377248    

Description Milos Malik 2016-10-19 06:23:08 UTC 
Description of problem:
* the realpath(3) problem is already fixed in upstream, but it still affects RHEL-7.3

Version-Release number of selected component (if applicable):
libselinux-2.5-6.el7.x86_64
libselinux-utils-2.5-6.el7.x86_64
libselinux-python-2.5-6.el7.x86_64

How reproducible:
* always

Steps to Reproduce:
# time selinux_restorecon -R -v -C /root
specfiles SHA1 digest: 81af33658a8013c7d6ddeb889515b065a52794a7
calculated using the following specfile(s):
/etc/selinux/targeted/contexts/files/file_contexts.subs_dist
/etc/selinux/targeted/contexts/files/file_contexts.subs
/etc/selinux/targeted/contexts/files/file_contexts.bin
/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin
/etc/selinux/targeted/contexts/files/file_contexts.local
Updated digest for: /root

real	0m0.021s
user	0m0.005s
sys	0m0.016s
# time selinux_restorecon -R -v -C -r /root
specfiles SHA1 digest: 81af33658a8013c7d6ddeb889515b065a52794a7
calculated using the following specfile(s):
/etc/selinux/targeted/contexts/files/file_contexts.subs_dist
/etc/selinux/targeted/contexts/files/file_contexts.subs
/etc/selinux/targeted/contexts/files/file_contexts.bin
/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin
/etc/selinux/targeted/contexts/files/file_contexts.local
Relabeled /var/log/tuned from system_u:object_r:var_log_t:s0 to system_u:object_r:tuned_log_t:s0
Could not set context for /sys/fs/selinux:  Operation not supported
Could not set context for /sys/fs/selinux/policy_capabilities:  Operation not supported
...
<intentionally shortened>
...
Could not set context for /sys/kernel/security/securelevel:  Operation not supported
ERROR: selinux_restorecon: Success

real	0m32.700s
user	0m25.858s
sys	0m1.304s
#
Comment 3 Petr Lautrbach 2017-01-18 18:18:38 UTC 
https://github.com/SELinuxProject/selinux/commit/aa0c824bb2eeb8960ba02133faade72c837ea951
Comment 6 errata-xmlrpc 2017-08-01 17:43:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1853