Bug 600690

Summary: broken SELinux AVCs on XFS partition when running xfsdump
Product: [Fedora] Fedora Reporter: Cristian Ciupitu <cristian.ciupitu>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: anton, dougsland, eparis, esandeen, gansalmon, ian, itamar, jonathan, kernel-maint, kszysiu
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 662344 (view as bug list) Environment:
Last Closed: 2010-12-17 20:46:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 662344    

Description Cristian Ciupitu 2010-06-05 16:20:07 UTC 
Description of problem:
xfsdump generates some broken SELinux AVCs when running on my XFS /home partition. This is the same partition I've used in Fedora 12 and older, so some of the files were created a long time ago, but on the other hand I've rebooted with /.autorelabel a couple of times, since installing Fedora 13.

ls -ldZ says this about one of the files:
drwxrwxr-x. ciupicri ciupicri unconfined_u:object_r:user_home_t:s0 ./3rdparty-projects/django/tests/modeltests/m2o_recursive2/.svn/tmp


Version-Release number of selected component (if applicable):
kernel-2.6.33.5-112.fc13.x86_64.rpm
selinux-policy-3.7.19-21.fc13.noarch.rpm
selinux-policy-targeted-3.7.19-21.fc13.noarch.rpm
xfsdump-3.0.4-1.fc13.x86_64.rpm


How reproducible:
Every time.


Steps to Reproduce:
1. xfsdump -l 0 -e -p 5 -f /media/SG1-personal/home.xfsdump /home

  
Actual results:
Lots of errors like this:
"xfsdump: WARNING: unable to open directory: ino 704668552: Permission denied"

SELinux denials:
time->Sat Jun  5 18:19:42 2010
type=SYSCALL msg=audit(1275751182.020:25706): arch=c000003e syscall=16 success=no exit=-13 a0=6 a1=ffffffffc038586b a2=7fff1e4804a0 a3=6 items=0 ppid=2980 pid=3006 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="xfsdump" exe="/sbin/xfsdump" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1275751182.020:25706): avc:  denied  { 0x400000 } for  pid=3006 comm="xfsdump" name="" dev=dm-1 ino=37436486 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file


Expected results:
No errors or at least a valid human readable permission instead of some hex.


Additional info:
This bug is similar with bug #576207, so it might be a duplicate.
Comment 1 Cristian Ciupitu 2010-07-24 20:04:35 UTC 
The bug is still present in kernel-2.6.33.6-147.fc13.x86_64.rpm and selinux-policy-3.7.19-39.fc13.noarch.rpm.

If I set SELinux to permissive mode by running "setenforce 0", xfsdump seems to work fine (no errors printed).
Comment 2 Eric Sandeen 2010-12-17 20:46:45 UTC 

*** This bug has been marked as a duplicate of bug 662344 ***