Bug 217286
Summary: | selinux prevents rhgb from running | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tobias Oed <tobiasoed> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED DUPLICATE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6 | CC: | rstrode |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-02-14 18:36:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tobias Oed
2006-11-26 14:57:29 UTC
Did you do the restorecon after updating grabbing the latest packages from -updates? I did the backup/resotre in a 'linux rescue' session from the fc6 dvd a couple of hours before reporting the bug. That was on saturday nov 24th because. (I had to modify my partitioning scheme somewhat). yum.log tells me that the relevant packages are older than that Nov 03 22:03:14 Updated: rhgb.i386 0.16.4-3.fc6 Nov 20 18:32:19 Updated: selinux-policy.noarch 2.4.3-10.fc6 Nov 20 18:37:01 Updated: selinux-policy-targeted.noarch 2.4.3-10.fc6 Here are some more bits of information that may turn out to be important: I remember that rhgb worked right after the resotre, but I couldn't log in because of the misslabeling. So I 'linux rescued' again to touch the autorelabel and autorelabeling happened with a working rhgb. Now, rhgb uses /etc/rhgb/temp as a mount point for it's ramfs. So maybe autorelabel missed the file because the ramfs was mounted on top of it? Tobias So is it working correcly now on reboot? How is the /etc/rhgb/temp mounted? > So is it working correcly now on reboot? I got it to work with a manual restorecon /etc/rhgb/temp when nothing was mounted there. > How is the /etc/rhgb/temp mounted? /etc/rc.d/rc.sysinit starts rhgb and rhgb mounts a ramfs on /etc/rhgb/temp like so: src/main.c:434: if (mount("none", TMPPATH, "ramfs", 0, "maxsize=512")) Later /etc/rc.d/rc.sysinit starts the relabeling with rhgb still running so the ramfs is still mounted at /etc/rhgb/temp and restorecon misses the relabeling of the underlying file (I think). Do I make sense? Tobias. This is a special case of bug 220322 I just opened. Automatic relabeling of the file system misses the underlying directories of mount points. Tobias |