Red Hat Bugzilla – Full Text Bug Listing
|Summary:||SELinux does not allow cp -a over NFS|
|Product:||[Fedora] Fedora||Reporter:||Andrew Haley <aph>|
|Component:||coreutils||Assignee:||Ondrej Vasik <ovasik>|
|Status:||CLOSED RAWHIDE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2007-11-12 06:31:07 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Andrew Haley 2007-10-29 07:36:46 EDT
Description of problem: With an NFS mounted home directory and use_nfs_home_dirs --> on zorro:~ $ echo poo > a zorro:~ $ cat a poo zorro:~ $ cp -a a b zorro:~ $ echo $? 1 zorro:~ $ cat b zorro:~ $ ls -l b -rw-r--r-- 1 aph aph 0 2007-10-29 11:33 b The failure is when "cp -a" tries to set the attrs: fsetxattr(4, "security.selinux", "system_u:object_r:nfs_t:s0", 27, 0) = -1 EOPNOTSUPP (Operation not supported) Kernel is 2.6.23-0.214.rc8.git2.fc8
Comment 1 Daniel Walsh 2007-10-29 23:49:22 EDT
Did you get any avc messages?
Comment 3 Daniel Walsh 2007-10-30 06:33:40 EDT
Do you have setroubleshoot installed? avc messages are written in /var/log/audit/audit.log if you have audit running and /var/log/messages if not.
Comment 4 Andrew Haley 2007-10-30 06:45:08 EDT
I just installed setroubleshoot. There is no message in /var/log/audit/audit.log or /var/log/messages. I just get fsetxattr(4, "security.selinux", "system_u:object_r:nfs_t:s0", 27, 0) = -1 EOPNOTSUPP (Operation not supported) and the cp fails.
Comment 5 Daniel Walsh 2007-11-10 08:12:24 EST
I think this is similar to another bug in coreutils.
Comment 6 Ondrej Vasik 2007-11-12 04:24:52 EST
I know about this similarity, similar bug #219900 is already fixed, I think that the build which fixes #219900 will fix that one bug too, but I'd like to check it before I'll close this bug.
Comment 7 Ondrej Vasik 2007-11-12 05:00:31 EST
The difference between #219900 and this bug is that from the report it seems that the error occured during first write to file(that b was not existing before cp -a) - if the b file existed then the bug is same as #219900 and I can close it. So need info from reporter - could you reproduce it with coreutils-6.9-11.fc9, coreutils-6.9-9.fc8 , coreutils-6.9-5.fc7 or any later coreutils package? Or could you confirm that the file "b" existed before "cp -a a b" command? Thanks
Comment 8 Andrew Haley 2007-11-12 06:21:30 EST
This seems now to be fixed with coreutils-6.9-9.fc8. Thanks.
Comment 9 Ondrej Vasik 2007-11-12 06:31:07 EST
Ok, closing RAWHIDE.