Bug 196118

Summary: rpmbuild file_contexts errors after libselinux update
Product: [Fedora] Fedora Reporter: David Nečas <yeti>
Component: libselinuxAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: nobody+pnasrat
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Current Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-03-28 20:05:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Nečas 2006-06-21 08:27:39 UTC 
Description of problem:
After update of libselinux to 1.30.3-3.fc5 rpmbuild started to print awful lots
of messages like:

file_contexts:  invalid context system_u:object_r:bin_t
file_contexts:  invalid context system_u:object_r:lib_t
file_contexts:  invalid context system_u:object_r:shlib_t
file_contexts:  invalid context system_u:object_r:usr_t
etc.

in the file packing phase of -debuginfo subpackage.  It seems an error is
printed for each file with corresponding debug info.

Version-Release number of selected component (if applicable):
rpm-build-4.4.2-15.2

How reproducible:
Always.

Steps to Reproduce:
1. get anacron-2.3-38.FC5.src.rpm from FC5 updates (the package does not matter,
this one is just small)
2. rpmbuild --rebuild anacron-2.3-38.FC5.src.rpm
  
Actual results:
Package builds, but rpmbuild prints

...
Processing files: anacron-2.3-38.FC5
Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.55078
+ umask 022
+ cd CENSORED/BUILD
+ cd anacron-2.3
+ DOCDIR=/var/tmp/anacron-2.3-buildroot/usr/share/doc/anacron-2.3
+ export DOCDIR
+ rm -rf /var/tmp/anacron-2.3-buildroot/usr/share/doc/anacron-2.3
+ /bin/mkdir -p /var/tmp/anacron-2.3-buildroot/usr/share/doc/anacron-2.3
+ cp -pr COPYING README /var/tmp/anacron-2.3-buildroot/usr/share/doc/anacron-2.3
+ exit 0
Provides: config(anacron) = 2.3-38.FC5
Requires(interp): /bin/sh /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): /bin/sh
Requires(preun): /bin/sh
Requires(postun): /bin/sh
Requires: /bin/sh /bin/sh config(anacron) = 2.3-38.FC5 crontabs
libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
Processing files: anacron-debuginfo-2.3-38.FC5
file_contexts:  invalid context system_u:object_r:sbin_t
file_contexts:  invalid context system_u:object_r:src_t
file_contexts:  invalid context system_u:object_r:src_t
file_contexts:  invalid context system_u:object_r:src_t
file_contexts:  invalid context system_u:object_r:src_t
file_contexts:  invalid context system_u:object_r:src_t
file_contexts:  invalid context system_u:object_r:src_t
file_contexts:  invalid context system_u:object_r:src_t
file_contexts:  invalid context system_u:object_r:src_t
file_contexts:  invalid context system_u:object_r:src_t
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files
/var/tmp/anacron-2.3-buildroot
Wrote: CENSORED/RPMS/x86_64/anacron-2.3-38.FC5.x86_64.rpm
Wrote: CENSORED/RPMS/x86_64/anacron-debuginfo-2.3-38.FC5.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.55078
+ umask 022
+ cd CENSORED/BUILD
+ cd anacron-2.3
+ rm -rf /var/tmp/anacron-2.3-buildroot
+ exit 0
Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.55078
+ umask 022
+ cd CENSORED/BUILD
+ rm -rf anacron-2.3
+ exit 0


Expected results:
The same but without the file_contexts errors.


Additional info:
Observed on a system which uses reiserfs on / and thus have SELinux disabled, if
it matters.  I did not check whether the created -debuginfo package is usable on
a SELinux-enabled system.
Comment 1 David Nečas 2006-06-21 12:16:45 UTC 
Seeing the bug moved to selinux-policy... I can confirm `rpm -e selinux-policy
selinux-policy-targeted' (on the SELinux-disabled system) stops the errors (have
no idea how inactive policies interact with rpm packaging though).
Comment 2 Daniel Walsh 2006-06-21 12:30:25 UTC 
This actually looks like a bug in rpm.  rpmbuild should not be calling
matchpathcon when selinux is disabled.  matchpathcon verifies the file context
against what is running in the kernel and if it fails it prints this message.
Comment 3 Paul Nasrat 2006-06-21 14:45:24 UTC 
The library really shouldn't be printing - I have a return code which I can tell
if it failed.  Is there a method to disable logging/messages.
Comment 4 Daniel Walsh 2006-06-21 18:26:03 UTC 
OK I make it only print if built with DEBUG Flag.

This code was only there for matchpathcon.
Comment 5 Daniel Walsh 2007-03-28 20:05:10 UTC 
Closing bugs