Bug 524891

Summary: fixfiles -F restore resets context of /lib/ld-2.10.90.so to tmp_t
Product: [Fedora] Fedora
Component: policycoreutils
Version: 12
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Reporter: Jeff Layton <jlayton>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dwalsh, eparis, mgrepl, sds, steved
Doc Type: Bug Fix
Last Closed: 2010-03-11 22:20:15 UTC

Description Jeff Layton 2009-09-22 15:50:36 UTC
I updated my laptop to rawhide a while back and selinux has been more or less OK. I patched it a few days ago however and somehow /lib/ld-2.10.90.so ended up with a context of system_u:object_r:tmp_t:s0.

At the time, I wasn't sure what was wrong other than that selinux was borked and disabling it allowed the machine to boot. So I booted with "autorelabel" set. fixfiles crawled the fs, but didn't fix the label on /lib/ld-2.10.90.so.

Eventually, I figured out what was broken and ran restorecon on it by hand and it seemed to be OK.

I can reproduce this at will though. If I change the security context of /lib/ld-2.10.90.so and then boot with autorelabel, it doesn't fix its label. It also doesn't fix it if I run:

# fixfiles -F restore

...from the command line when the laptop is booted in permissive mode. If I run this though:

# fixfiles -F restore /lib

...it does fix it.

Comment 1 Jeff Layton 2009-09-22 18:03:02 UTC
Actually, the problem is a little worse. fixfiles -F restore is actually setting the context of /lib/ld-2.10.90.so to tmp_t, even when it was correct before.

Running fixfiles -F check doesn't show any changes for this file, so it's not clear to me why it's forcing this change. Let me know if there's any info you need to troubleshoot this. The machine is a fairly up-to-date F12 install. I don't think I have any custom selinux configuration either.

Comment 2 Jeff Layton 2009-09-22 18:18:22 UTC
Ouch, it's even worse...

Just running:

# fixfiles check

resets the context of that file to tmp_t as well. Note that it might be resetting others too that I haven't noticed.
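
Added example, not part of the original report or of policycoreutils: one way to find every file whose label a fixfiles run changed is to snapshot contexts before and after the run and compare them. The snapshot format (`path<TAB>context`), the function names, and the sample labels (including `ld_so_t` as the expected type) are assumptions made for this illustration.

```shell
#!/bin/sh
# Assumed snapshot format: one "path<TAB>context" per line, for example
#   find / -xdev -printf '%p\t%Z\n' > before.txt
# (GNU find; %Z prints the SELinux context). Paths that contain tabs or
# newlines are not handled.

# label_drift BEFORE AFTER
# Prints "path<TAB>old<TAB>new" for each path present in both snapshots
# whose context differs. FILENAME is compared instead of NR==FNR so an
# empty BEFORE file does not swallow the AFTER records.
label_drift() {
    awk -F '\t' '
        FILENAME == ARGV[1] { old[$1] = $2; next }
        ($1 in old) && old[$1] != $2 {
            printf "%s\t%s\t%s\n", $1, old[$1], $2
        }
    ' "$1" "$2"
}

# drift_to_type TYPE
# Filters label_drift output on stdin, printing only the paths whose new
# context carries TYPE (third colon-separated field of user:role:type:level).
drift_to_type() {
    awk -F '\t' -v want="$1" '{ split($3, c, ":"); if (c[3] == want) print $1 }'
}

# Constructed sample data standing in for real snapshots.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\t%s\n' \
        /lib/ld-2.10.90.so system_u:object_r:ld_so_t:s0 \
        /lib/libexample.so system_u:object_r:lib_t:s0 > "$dir/before"
    printf '%s\t%s\n' \
        /lib/ld-2.10.90.so system_u:object_r:tmp_t:s0 \
        /lib/libexample.so system_u:object_r:lib_t:s0 > "$dir/after"
    echo "All changed labels:"
    label_drift "$dir/before" "$dir/after"
    echo "Paths now labelled tmp_t:"
    label_drift "$dir/before" "$dir/after" | drift_to_type tmp_t
    rm -rf "$dir"
}
demo
```

Any output from a before/after pair taken around `fixfiles check` is a finding in itself, since a check is not expected to change labels.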

Comment 3 Stephen Smalley 2009-09-28 12:46:05 UTC
ls -l /lib/ld-2.10.90.so
Also, mount | grep bind

Comment 4 Jeff Layton 2009-09-30 11:06:13 UTC
# ls -l /lib/ld-2.10.90.so
-rwxr-xr-x. 1 root root 188200 2009-09-21 07:24 /lib/ld-2.10.90.so

# mount | grep bind

...no output

# grep bind /proc/mounts

...also no output

Comment 5 Bug Zapper 2009-11-16 12:46:17 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 6 Daniel Walsh 2010-03-11 22:20:15 UTC
Seems to be working correctly now.