Bug 717948

Summary: quotacheck -c fails without reporting error
Product: Red Hat Enterprise Linux 6 Reporter: Karel Volný <kvolny>
Component: quotaAssignee: Petr Pisar <ppisar>
Status: CLOSED ERRATA QA Contact: Branislav Blaškovič <bblaskov>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1CC: azelinka, bblaskov, lnovich
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://sourceforge.net/tracker/?func=detail&aid=3347047&group_id=18136&atid=118136
Whiteboard:
Fixed In Version: quota-3.17-19.el6 Doc Type: Bug Fix
Doc Text:
* When quotacheck access was denied by SELinux, the "quotacheck -c" command did not report any errors, even in verbose mode, and the "quotacheck -c" command failed with an exit code 0. With this update, quotacheck internals have been changed to propagate any error with an appropriate non-zero exit code, and to print accurate warnings if the old quota file could not be used. Thus, quotacheck will report an error correctly while initializing quotas on a file system.
 Story Points: ---
Clone Of:
: 717982 1020313 (view as bug list) Environment:
Last Closed: 2013-11-21 05:40:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 685101, 836160    
Attachments:
Description Flags
Proposed patch fixing exit code of quotacheck
none
Patch fixing warning messages to describe underlying issue correctly
none
Back-ported patch fixing exit code of quotacheck none

Description Karel Volný 2011-06-30 13:48:52 UTC 
Description of problem:
When quotacheck access is denied by selinux, the command doesn't bother to report any error, even in verbose mode, and it returns exit code 0.

Version-Release number of selected component (if applicable):
quota-3.17-16.el6.i686

How reproducible:
always

Steps to Reproduce:
from the test /CoreOS/quota/Regression/bz77871-grace-period-not-shown

rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
rlRun "chmod +x $TmpDir" 0 "Making tmp directory accessible"
rlRun "pushd $TmpDir"
HomeDir="$TmpDir/bz77871"
rlFileBackup "/etc/fstab"
rlRun "dd if=/dev/zero of=bz77871.img count=2k" 0 "Creating the testing image"
rlRun "mke2fs -F bz77871.img" 0 "Formatting the testing image"
rlRun "mkdir bz77871" 0 "Creating the mountpoint"
rlRun "echo '$TmpDir/bz77871.img $HomeDir ext2 loop,usrquota 0 0' >> /etc/fstab" 0 "Adding fstab record"
rlRun "mount $HomeDir" 0 "Mounting the testing image"
rlRun "useradd -d $HomeDir bz77871" 0 "Adding the testing user"
rlRun "chown bz77871:bz77871 $HomeDir" 0 "Fixing ownership of the testing user's homedir"
rlRun "chcon unconfined_u:object_r:user_home_dir_t:s0 $HomeDir" 0 "Fixing SELinux context of the testing user's homedir"
# DEBUG
    echo "ls -dlZ $HomeDir:"
    ls -dlZ $HomeDir
rlRun "quotacheck -vv -c $HomeDir" 0 "Initialising quota files"
    ls -l $HomeDir/aquota.user
rlRun "setquota bz77871 128 256 0 0 $HomeDir" 0 "Setting the testing user quotas"

  
Actual results:
<cut>
:: [   PASS   ] :: Fixing SELinux context of the testing user's homedir
ls -dlZ /tmp/tmp.6uU3U2s2HV/bz77871:
drwxr-xr-x. bz77871 bz77871 unconfined_u:object_r:user_home_dir_t:s0 /tmp/tmp.6uU3U2s2HV/bz77871
:: [   PASS   ] :: Initialising quota files
ls: cannot access /tmp/tmp.6uU3U2s2HV/bz77871/aquota.user: No such file or directory
setquota: Cannot open quotafile /tmp/tmp.6uU3U2s2HV/bz77871/aquota.user: No such file or directory
setquota: Not all specified mountpoints are using quota.
:: [   FAIL   ] :: Setting the testing user quotas (Expected 0, got 1)


- you see, between the ls after chcon and the ls after quotacheck there us no error message, and quotacheck ('Initialising quota files') says PASS which means the rlRun handler got the expected exit code which was 0 in this case

the corresponding SELinux denial is:

type=1400 audit(1309440738.774:30706): avc:  denied  { write } for  pid=12335 comm="quotacheck" name="/" dev=loop0 ino=2 scontext=unconfined_u:unconfined_r:quota_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir

Expected results:
quotacheck should return non-zero exit code and print some information

from the manpage:

-v    quotacheck  reports  its operation as it progresses.  Normally it operates silently.  If the option is specified twice, also the current directory is printed (note that printing can slow down the scan measurably).

Additional info:
Comment 2 Petr Pisar 2011-06-30 14:51:07 UTC 
I can confirm wrong return code:

[root@rhel-6_1 tmp]# ls -laZ /mnt/quota/
drwxr-xr-x. root root unconfined_u:object_r:user_home_dir_t:s0 .
drwxr-xr-x. root root system_u:object_r:mnt_t:s0       ..
drwx------. root root system_u:object_r:file_t:s0      lost+found

[root@rhel-6_1 tmp]# quotacheck -vv -c /mnt/quota/
quotacheck: Scanning /dev/loop0 [/mnt/quota] done
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Old group file not found. Usage will not be substracted.
quotacheck: Checked 3 directories and 1 files
quotacheck: Cannot create new quotafile /mnt/quota/aquota.user.new: Permission denied
quotacheck: Cannot initialize IO on new quotafile: Permission denied

[root@rhel-6_1 tmp]# echo $?
0

[root@rhel-6_1 tmp]# rpm -q quota
quota-3.17-16.el6.x86_64

However in contrast to your output, there is lot of messages on stderr including relevant error message. I guess beaker script does not echo rlRun() command output by default.

The same bug presents with upstream development version.
Comment 3 Petr Pisar 2011-07-01 08:48:22 UTC 
Created attachment 510819 [details]
Proposed patch fixing exit code of quotacheck
Comment 4 Petr Pisar 2011-07-01 08:49:42 UTC 
Created attachment 510820 [details]
Patch fixing warning messages to describe underlying issue correctly
Comment 5 Petr Pisar 2011-07-01 08:52:09 UTC 
Patches posted to upstream for revision.
Comment 6 Karel Volný 2011-07-01 10:06:25 UTC 
(In reply to comment #2)
> However in contrast to your output, there is lot of messages on stderr
> including relevant error message. I guess beaker script does not echo rlRun()
> command output by default.

it does, after disabling selinux, I'm getting the informative messages without any problem ... maybe there's some other problem with selinux

however, thanks for the patches, let's wait for upstream then
Comment 7 RHEL Program Management 2011-07-06 00:06:34 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 8 Petr Pisar 2011-07-15 06:14:32 UTC 
Both patches accepted by upstream:

commit 1c3bc6d34439f353ea00239dc1ca31239823bb4f
Author: Petr Písař <ppisar>
Date:   Fri Jul 1 10:22:10 2011 +0200

    get_qf_name() does not check quota file presence
    
    Old error messsage stated a quota file does not exist despite fact
    get_qf_name() does not check the file existence. It constructs the
    file name only.
    
    This lead to misleading message when running initial `quotacheck -c'
    on extended file system mounted with usrquota option only.
    
    Signed-off-by: Jan Kara <jack>

commit 3c0f38a60e0879b4ba1ae9d3cdb3a971951a761f
Author: Petr Pisar <ppisar>
Date:   Fri Jul 1 10:13:54 2011 +0200

    Report quotacheck failures by return code
    
    Signed-off-by: Jan Kara <jack>
Comment 9 Petr Pisar 2011-07-15 09:31:54 UTC 
Created attachment 513348 [details]
Back-ported patch fixing exit code of quotacheck
Comment 11 Suzanne Logcher 2012-02-14 23:10:44 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 12 RHEL Program Management 2012-09-07 05:08:27 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 14 RHEL Program Management 2013-05-21 01:00:42 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 22 Branislav Blaškovič 2013-08-09 10:29:24 UTC 
I can't reproduce this with:

# rpm -q quota selinux-policy
quota-3.17-18.el6.x86_64
selinux-policy-3.7.19-195.el6.noarch

I cannot force SElinux to block quotacheck according to comment 1 or comment 2.

So I've added 'chattr +i <folder>' to block quotacheck.

TestCase added.
Comment 25 errata-xmlrpc 2013-11-21 05:40:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1548.html