Bug 168840

Summary: Files created without selinux contexts
Product: [Fedora] Fedora Reporter: Orion Poplawski <orion>
Component: selinux-policy-targetedAssignee: Russell Coker <rcoker>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-01-27 06:04:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Orion Poplawski 2005-09-20 15:54:29 UTC 
Description of problem:

Running samba on an FC4 box.  Using Ghost to backup into a share.  Files need to
have user_home_t context for smbd to access.  However, it looks like new files
are not being created with contexts:

[root@alexandria Ghost]# ls -Z
-rwxrw-r--  stockwel cora                                      C_Drive030_i001.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive030_i002.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive030_i003.iv2i
-rwxrw-r--  stockwel cora     root:object_r:user_home_t        C_Drive030.v2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i001.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i002.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i003.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i004.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i005.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i006.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i007.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i008.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i009.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i010.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031_i011.iv2i
-rwxrw-r--  stockwel cora                                      C_Drive031.v2i
-rwxrw-r--  stockwel cora                                      MYRDDRAAL.sv2i

Version-Release number of selected component (if applicable):
samba-3.0.14a-2

How reproducible:
everytime
Comment 1 Orion Poplawski 2005-11-04 18:54:22 UTC 
Changing to selinux-policy-targeted to try to get some more info.  Looks like
things work when files are labeled samba_share_t (new ones are created that
way), but not when existing dirs are labeled user_home_t (new ones don't have
labels).
Comment 2 Orion Poplawski 2005-11-10 16:19:44 UTC 
Scratch the above.  It seems I've got one system where it appears to work, and
one where it doesn't.
Comment 3 Daniel Walsh 2005-11-30 20:42:52 UTC 
Are you seeing avc messages?

This seems like a kernel problem to me.  Policy would not come into play here.
Comment 4 Orion Poplawski 2005-12-01 16:06:21 UTC 
I'm running in permissive mode.  Only avc messages I get are after the file is
created:

Nov 30 21:05:59 alexandria kernel: audit(1133409959.234:3594): avc:  denied  {
getattr } for  pid=3629 comm="smbd" name="C_Drive045_i014.iv2i" dev=dm-6
ino=2700225 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:file_t
tclass=file

I'm running 2.6.12-1.1456_FC4smp because of problems experience with later
kernels.  Will try to test with the latest soon.
Comment 5 Daniel Walsh 2006-01-02 19:37:06 UTC 
Are you using ext3? Or reiserfs? Or xfs?
Comment 6 Orion Poplawski 2006-01-03 17:44:52 UTC 
(In reply to comment #5)
> Are you using ext3? Or reiserfs? Or xfs?

jfs
Comment 7 Daniel Walsh 2006-01-27 06:04:19 UTC 
Not supported with SELinux.