Bug 733512

Summary: systemd-tmpfiles: Failed to set security context
Product: [Fedora] Fedora Reporter: igor.redhat <igor.redhat>
Component: systemdAssignee: Lennart Poettering <lpoetter>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: dwalsh, harald, johannbg, kay, lpoetter, metherid, mschmidt, notting, plautrba
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-29 16:17:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description igor.redhat@gmail.com 2011-08-25 20:29:57 UTC 
Description of problem:

After booting F16 Alpha XFCE Live Media (from USB), I get the following in dmesg:

[   26.527514] systemd-tmpfiles[953]: Successfully loaded SELinux database in 23ms 442us, size on heap is 464K.
[   26.674027] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.703616] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.708932] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.723974] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_run_t:s0 for /run: Permission denied
[   26.730305] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_run_t:s0 for /run: Permission denied
[   26.735517] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_run_t:s0 for /run: Permission denied
[   26.740672] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.745830] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.750862] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.755966] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.760832] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.765715] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.770669] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.775393] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.780279] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.784976] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.789765] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.794328] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.798927] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_run_t:s0 for /run: Permission denied
[   26.803665] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.808587] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_t:s0 for /var: Permission denied
[   26.813372] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_run_t:s0 for /run: Permission denied
[   26.818062] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_run_t:s0 for /run: Permission denied
[   26.822771] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_run_t:s0 for /run: Permission denied
[   26.827283] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:var_run_t:s0 for /run: Permission denied
[   26.831887] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:tmp_t:s0 for /tmp: Permission denied
[   26.836370] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:tmp_t:s0 for /tmp: Permission denied
[   26.840785] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:tmp_t:s0 for /tmp: Permission denied
[   26.845298] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:tmp_t:s0 for /tmp: Permission denied
[   26.849916] systemd-tmpfiles[953]: Failed to set security context system_u:object_r:tmp_t:s0 for /tmp: Permission denied



Version-Release number of selected component (if applicable):

F16 Alpha XFCE Live Media

$ rpm -qi systemd
Name        : systemd
Version     : 33
Release     : 1.fc16
Architecture: x86_64

$ rpm -qi selinux-policy
Name        : selinux-policy
Version     : 3.10.0
Release     : 15.fc16
Architecture: noarch

How reproducible:

Steps to Reproduce:
1. Boot Live image from USB stick
2. Check dmesg
Comment 1 Lennart Poettering 2011-08-29 12:01:59 UTC 
Igor, any selinux AVCs in the logs when this happens?

Dan, do you have an idea what might be wrong here? This is our own label_mkdir() which internall invokes setfscreatecon() followed by mkdir(). The setfscreatcon() fails with EPERM/EACCES.
Comment 2 Lennart Poettering 2011-08-29 12:03:27 UTC 
Hmm, probably a duplicate of bug 733086
Comment 3 Daniel Walsh 2011-08-29 16:17:23 UTC 
I think so.

*** This bug has been marked as a duplicate of bug 733086 ***