Bug 356311

Summary: SELinux does not allow cp -a over NFS
Product: [Fedora] Fedora
Component: coreutils
Reporter: Andrew Haley <aph>
Assignee: Ondrej Vasik <ovasik>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: meyering, twaugh
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-11-12 06:31:07 EST

Description Andrew Haley 2007-10-29 07:36:46 EDT
Description of problem:

With an NFS mounted home directory and use_nfs_home_dirs --> on

zorro:~ $ echo poo > a
zorro:~ $ cat a
poo
zorro:~ $ cp -a a b
zorro:~ $ echo $?
1
zorro:~ $ cat b
zorro:~ $ ls -l b
-rw-r--r-- 1 aph aph 0 2007-10-29 11:33 b

The failure is when "cp -a" tries to set the attrs:

fsetxattr(4, "security.selinux", "system_u:object_r:nfs_t:s0", 27, 0) = -1 EOPNOTSUPP (Operation not supported)

Kernel is 2.6.23-0.214.rc8.git2.fc8
Comment 1 Daniel Walsh 2007-10-29 23:49:22 EDT
Did you get any avc messages?
Comment 3 Daniel Walsh 2007-10-30 06:33:40 EDT
Do you have setroubleshoot installed? avc messages are written in
/var/log/audit/audit.log if you have audit running and /var/log/messages if not.
Comment 4 Andrew Haley 2007-10-30 06:45:08 EDT
I just installed setroubleshoot.

There is no message in /var/log/audit/audit.log or /var/log/messages.

I just get

fsetxattr(4, "security.selinux", "system_u:object_r:nfs_t:s0", 27, 0) = -1 EOPNOTSUPP (Operation not supported)

and the cp fails.
Comment 5 Daniel Walsh 2007-11-10 08:12:24 EST
I think this is similar to another bug in coreutils.
Comment 6 Ondrej Vasik 2007-11-12 04:24:52 EST
I know about this similarity; the similar bug #219900 is already fixed. I think that
the build which fixes #219900 will fix this bug too, but I'd like to check
it before I close this bug.
Comment 7 Ondrej Vasik 2007-11-12 05:00:31 EST
The difference between #219900 and this bug is that from the report it seems
that the error occurred during the first write to the file (that b did not exist
before cp -a) - if the b file existed then the bug is the same as #219900 and I can
close it. So I need info from the reporter - could you reproduce it with
coreutils-6.9-11.fc9, coreutils-6.9-9.fc8, coreutils-6.9-5.fc7 or any later
coreutils package? Or could you confirm that the file "b" existed before the "cp -a
a b" command? Thanks
Comment 8 Andrew Haley 2007-11-12 06:21:30 EST
This seems now to be fixed with coreutils-6.9-9.fc8.

Thanks.
Comment 9 Ondrej Vasik 2007-11-12 06:31:07 EST
Ok, closing RAWHIDE.
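
The triage carried out in this thread (a failed fsetxattr in the strace output, then a check for AVC messages), written out as an added example; it is not part of the original report or of coreutils. The strace line is the one reported above, the audit record is constructed for contrast, and the function names are hypothetical.

```python
import re

# strace line as reported on this page (rejoined onto one line).
STRACE_SAMPLE = (
    'fsetxattr(4, "security.selinux", "system_u:object_r:nfs_t:s0", 27, 0)'
    ' = -1 EOPNOTSUPP (Operation not supported)\n'
)
# Constructed audit record, for contrast only; the reporter saw none.
AUDIT_SAMPLE = (
    'type=AVC msg=audit(1193657606.123:45): avc:  denied  { relabelto } for  '
    'pid=4242 comm="cp" name="b" scontext=user_u:system_r:unconfined_t:s0 '
    'tcontext=system_u:object_r:nfs_t:s0 tclass=file\n'
)

XATTR_CALL = re.compile(
    r'\b[fl]?setxattr\([^,]+,\s*"(?P<name>[^"]+)".*\)\s*=\s*-1\s+(?P<errno>E[A-Z]+)')
AVC_DENIED = re.compile(
    r'type=AVC .*avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*comm="(?P<comm>[^"]+)"')

def failed_xattr_calls(strace_text):
    """Return (xattr_name, errno) for every failed *setxattr call."""
    hits = map(XATTR_CALL.search, strace_text.splitlines())
    return [(m["name"], m["errno"]) for m in hits if m]

def avc_denials(audit_text, comm):
    """Return the permission list of each AVC denial logged for `comm`."""
    hits = map(AVC_DENIED.search, audit_text.splitlines())
    return [m["perms"].split() for m in hits if m and m["comm"] == comm]

def triage(strace_text, audit_text, comm="cp"):
    """Classify each failed xattr write as a filesystem limit or a policy issue."""
    denials = avc_denials(audit_text, comm)
    findings = []
    for name, err in failed_xattr_calls(strace_text):
        if err in ("EOPNOTSUPP", "ENOTSUP") and not denials:
            verdict = "filesystem does not accept this xattr; not a policy denial"
        elif err in ("EACCES", "EPERM") or denials:
            verdict = "possible SELinux denial; review the AVC records"
        else:
            verdict = "other failure; inspect errno"
        findings.append((name, err, verdict))
    return findings

if __name__ == "__main__":
    # Case from this report: EOPNOTSUPP and an empty audit log.
    for finding in triage(STRACE_SAMPLE, ""):
        print(finding)
```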