Bug 250525

Summary: LVM command output can not be redirected to a text file
Product: Red Hat Enterprise Linux 5 Reporter: Kevin Joubert <kevinjoubert>
Component: lvm2Assignee: Milan Broz <mbroz>
Status: CLOSED NOTABUG QA Contact: Corey Marthaler <cmarthal>
Severity: medium Docs Contact:
Priority: low    
Version: 5.0CC: agk, dwysocha, jbrassow, mbroz, prockai, pvrabec
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-03 09:37:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
strace of problem none

Description Kevin Joubert 2007-08-02 00:59:14 UTC 
Description of problem:
When attempting to gather LVM information by redirecting commands to a text 
file, no output is seen. Commands execute perfectly to the screen, but will not 
allow output to go to a file. 

Disabling SE Linux seems to remove the problem. 

Version-Release number of selected component (if applicable):
7
[root@linux-dl585 ~]# cat /etc/issue
Red Hat Enterprise Linux Server release 5 (Tikanga)
Kernel \r on an \m

[root@linux-dl585 ~]# uname -a
Linux linux-dl585.cxo.hp.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:14 EST 2007 
x86_64 x86_64 x86_64 GNU/Linux


[root@linux-dl585 ~]# lvm version
  LVM version:     2.02.16-RHEL5 (2006-12-14)
  Library version: 1.02.13 (2006-11-28)
  Driver version:  4.11.0



How reproducible:


Steps to Reproduce:
1. Execute any lvm command (i.e. pvs, lvdisplay, lvm version, etc. etc.) and 
attempt to redirect output to a text file.


[root@linux-dl585 ~]# pvs
  PV         VG   Fmt  Attr PSize  PFree
  /dev/sda   vg01 lvm2 a-   10.00G    0
  /dev/sdd   vg02 lvm2 ax    1.95G 1.08G
  /dev/sde   vg02 lvm2 ax    1.95G 1.46G
[root@linux-dl585 ~]# pvs > testfile
[root@linux-dl585 ~]# cat testfile
[root@linux-dl585 ~]#


2.
3.
  
Actual results:
output file is empty.


Expected results:
expected output to be redirected to file. 

Additional info:
strace of problem is attached. It appears that SE Linux is preventing this 
somehow. Disabling SE Linux allows output to be redirected as normal.
Comment 1 Kevin Joubert 2007-08-02 00:59:14 UTC 
Created attachment 160484 [details]
strace of problem
Comment 2 Kevin Joubert 2007-08-02 23:06:39 UTC 
Additional info from SE Linux troubleshooter, when attempting to run
 "lvm version > /tmp/kevin.txt"
I attempted the "restorecon" suggested workaround on both the file and 
directory with no improvement in the problem. 



Summary
    SELinux is preventing the /sbin/lvm.static from using potentially 
mislabeled
    files (/tmp/kevin.txt).

Detailed Description
    SELinux has denied /sbin/lvm.static access to potentially mislabeled file
(s)
    (/tmp/kevin.txt).  This means that SELinux will not allow /sbin/lvm.static
    to use these files.  It is common for users to edit files in their home
    directory or tmp directories and then move (mv) them to system directories.
    The problem is that the files end up with the wrong file context which
    confined applications are not allowed to access.

Allowing Access
    If you want /sbin/lvm.static to access this files, you need to relabel them
    using restorecon -v /tmp/kevin.txt.  You might want to relabel the entire
    directory using restorecon -R -v /tmp.

Additional Information        

Source Context                root:system_r:lvm_t:SystemLow-SystemHigh
Target Context                root:object_r:tmp_t
Target Objects                /tmp/kevin.txt [ file ]
Affected RPM Packages         lvm2-2.02.16-3.el5 [application]
Policy RPM                    selinux-policy-2.4.6-30.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.home_tmp_bad_labels
Host Name                     linux-dl585.cxo.hp.com
Platform                      Linux linux-dl585.cxo.hp.com 2.6.18-8.el5 #1 SMP
                              Fri Jan 26 14:15:14 EST 2007 x86_64 x86_64
Alert Count                   3
Line Numbers                  

Raw Audit Messages            

avc: denied { write } for comm="lvm" dev=cciss/c0d0p2 egid=0 euid=0
exe="/sbin/lvm.static" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="kevin.txt"
path="/tmp/kevin.txt" pid=12031 scontext=root:system_r:lvm_t:s0-s0:c0.c1023
sgid=0 subj=root:system_r:lvm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=root:object_r:tmp_t:s0 tty=pts1 uid=0
Comment 3 Kevin Joubert 2007-08-03 00:01:20 UTC 
Okay, I have learned enough about SE Linux to determine that his is not a bug 
and is working as intended. I then used the information here:
http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385
and the "ausearch" command to create an semodule allowing "lvm" to access 
the /tmp directory. 

Please close this issue.
Comment 4 Milan Broz 2007-08-03 09:37:19 UTC 
Closing per request in comment #3.