Bug 1465650
| Summary: | 'unlabeled_t' files found in /usr when using RHELAH 7.4 | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Micah Abbott <miabbott> |
| Component: | rhel-server-atomic | Assignee: | Colin Walters <walters> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | atomic-bugs <atomic-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | jlebon, smilner |
| Target Milestone: | rc | Keywords: | Extras |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-02-12 15:45:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is probably related to doing a 7.3 → 7.4 upgrade. Hm, things seem OK in a manual test here too. Offhand, I'd suspect this is related to rpm-ostree not running as install_t. What's the upgrade starting point? Starting point was 7.3.6 Reproducer: 1. Boot 7.3.6 2. Toggle a SELinux boolean semanage boolean --m --on virt_use_nfs 3. Rebase/Upgrade to 7.4 4. Reboot 5. Check for unlabeled_t # find /usr -context '*:unlabeled_t:*' /usr/lib/systemd/systemd-bootchart /usr/lib/systemd/systemd-initctl /usr/lib/systemd/system/systemd-bootchart.service Upstream issue - https://github.com/ostreedev/ostree/issues/1026 Worth noting here, when I did an upgrade from 7.3.6 to 7.4 on a bare metal system using the physical KVM, I saw the following messages printed to the console: Jul 31 11:54:21 dhcp-41-200.bos.redhat.com kernel: SELinux: Context system_u:object_r:systemd_bootchart_unit_file_t:s0 is not valid (left unmapped). Jul 31 11:54:23 dhcp-41-200.bos.redhat.com kernel: SELinux: Context system_u:object_r:systemd_initctl_exec_t:s0 is not valid (left unmapped). Jul 31 11:54:24 dhcp-41-200.bos.redhat.com kernel: SELinux: Context system_u:object_r:systemd_bootchart_exec_t:s0 is not valid (left unmapped). When doing the same upgrade via an SSH session, these messages were not directly observed. But I can find them in the journal. After talking with Micah we can close this with CURRENTRELEASE. |
Going to start by saying this is probably the wrong component, but I haven't been able to come up with a super reliable reproducer.... While running our 'improved-sanity-tests', we are seeing the following files being flagged as being 'unabeled_t' after an upgrade to 7.4: /usr/lib/systemd/systemd-bootchart /usr/lib/systemd/systemd-initctl /usr/lib/systemd/system/systemd-bootchart.service I found the following relevant messages in the journal: Jun 27 19:14:16 host-172-16-69-238 kernel: SELinux: Context system_u:object_r:systemd_bootchart_exec_t:s0 is not valid (left unmapped). Jun 27 19:15:37 host-172-16-69-238 kernel: SELinux: Context system_u:object_r:systemd_bootchart_unit_file_t:s0 is not valid (left unmapped). Jun 27 19:15:37 host-172-16-69-238 kernel: SELinux: Context system_u:object_r:systemd_initctl_exec_t:s0 is not valid (left unmapped). The trouble is that I am unable to reproduce this manually. It only seems to be teased out during the automation. Just reporting this here until we can get some more info. Found using: # rpm-ostree status State: idle Deployments: ● custom:rhel-atomic-host/7/x86_64/standard Version: 7.4.0 (2017-06-27 16:55:35) Commit: 13b30690b7573d0749bf15d0e60394a5ee939a70f5272f4982fa29209042e7ad