Bug 188899

Summary: Could not relabel /dev/pts/x
Product: Red Hat Enterprise Linux 4 Reporter: Peter Bieringer <pb>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: dwalsh, srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-01 14:04:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Peter Bieringer 2006-04-13 11:13:40 UTC 
+++ This bug was initially created as a clone of Bug #152247 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323
Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I keep noticing the following warning message in /var/log/messages

Warning! Could not relabel /dev/pts/1 with user_u:object_r:devpts_t, not
relabeling.Operation not permitted

Sometimes the message has a different number eg. /dev/pts/2, /dev/pts/0.

I think it is being caused by running a "fixfiles relabel" when "su -" as root
at a terminal.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.90

++++ End of original report

I got same messages by switching from root to a system account (for testing file
access) on RHEL4 (at least on 3 systems):

# su -s /bin/sh - ldap

Apr 13 13:12:08 host su(pam_unix)[32414]: session opened for user ldap by
peter(uid=0)
Apr 13 13:12:08 host su[32414]: Warning!  Could not relabel /dev/pts/3 with
user_u:object_r:initrc_devpts_t, not relabeling.Operation not permitted
Apr 13 13:12:14 host su(pam_unix)[32414]: session closed for user ldap

# su -s /bin/sh - named

Apr 13 13:12:17 host su(pam_unix)[32419]: session opened for user named by
peter(uid=0)
Apr 13 13:12:17 host su[32419]: Warning!  Could not relabel /dev/pts/3 with
user_u:object_r:initrc_devpts_t, not relabeling.Operation not permitted
Apr 13 13:12:21 host su(pam_unix)[32419]: session closed for user named


selinux-policy-targeted-1.17.30-2.128
Comment 1 Russell Coker 2006-04-16 07:56:42 UTC 
This bug occurs because setfsuid() is called to set the file-system UID to the 
UID of the target user before the selinux PAM module is called to do the SE 
Linux stuff.

Probably if there was code such as:
setfsuid(0);
status=setfilecon(ptr,newdev_context);
setfsuid(user_uid);

Then it would work.

This appears to have been fixed in rawhide by other changes to either 
coreutils or pam.  As this is a cosmetic error (doesn't prevent the system 
from operating correctly) I don't think it's worth an errata for pam.  But 
I'll let the pam maintainers make the decision on that.
Comment 3 Daniel Walsh 2006-06-15 20:25:26 UTC 
Could you use runuser instead of su?
Comment 4 Peter Bieringer 2006-06-18 14:42:20 UTC 
runuser didn't cause such message and would working for me also.
Comment 5 Peter Bieringer 2006-09-01 14:10:54 UTC 
Closed as "NOTABUG" would not be really match the real reason I think...
A retest after upgrade to RHEL4 U4 shows me, that the problem is gone now, so
the reason is more some updates since the reporting date.