Bug 989945

Summary: some files get mislabelled after LVM activation generator is executed
Product: Red Hat Enterprise Linux 7
Reporter: Milos Malik <mmalik>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED CURRENTRELEASE
QA Contact: Milos Malik <mmalik>
Severity: medium
Docs Contact:
Priority: medium
Version: 7.0
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: selinux-policy-3.12.1-86.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 10:44:24 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Milos Malik 2013-07-30 07:58:59 UTC
Description of problem:

Version-Release number of selected component (if applicable):
lvm2-2.02.98-6.el7.x86_64
selinux-policy-3.12.1-65.el7.noarch
selinux-policy-devel-3.12.1-65.el7.noarch
selinux-policy-doc-3.12.1-65.el7.noarch
selinux-policy-minimum-3.12.1-65.el7.noarch
selinux-policy-mls-3.12.1-65.el7.noarch
selinux-policy-targeted-3.12.1-65.el7.noarch

How reproducible:
always

Steps to Reproduce:
(if there is a simpler way to invoke the LVM activation generator, please tell me)
# virt-sandbox-service -c lxc:/// create -C -u sshd.service -N dhcp,source=default testssh
# virt-sandbox-service delete testssh
(following message just appeared on the console:
LVM: Activation generator successfully completed)
# restorecon -Rv /run

Actual results:
Both /run/systemd/generator/lvm2-activation* files are mislabelled.

Expected results:
Both /run/systemd/generator/lvm2-activation* files are labelled correctly.

Comment 1 Milos Malik 2013-07-30 08:00:44 UTC
# restorecon -Rv /run/
restorecon:  Warning no default label for /run/lightdm.pid
restorecon:  Warning no default label for /run/rhn_check.pid
restorecon:  Warning no default label for /run/rhnsd.pid
restorecon:  Warning no default label for /run/lock/subsys
restorecon:  Warning no default label for /run/lock/subsys/vhostmd
restorecon:  Warning no default label for /run/lock/subsys/network
restorecon:  Warning no default label for /run/lock/subsys/rhnmd
restorecon:  Warning no default label for /run/lock/subsys/rhnsd
restorecon:  Warning no default label for /run/lock/subsys/trace-cmd
restorecon:  Warning no default label for /run/initramfs
restorecon:  Warning no default label for /run/initramfs/rwtab
restorecon:  Warning no default label for /run/initramfs/state
restorecon:  Warning no default label for /run/initramfs/state/var
restorecon:  Warning no default label for /run/initramfs/state/var/lib
restorecon:  Warning no default label for /run/initramfs/state/var/lib/dhclient
restorecon:  Warning no default label for /run/initramfs/state/etc
restorecon:  Warning no default label for /run/initramfs/state/etc/sysconfig
restorecon:  Warning no default label for /run/initramfs/state/etc/sysconfig/network-scripts
restorecon reset /run/systemd/generator/lvm2-activation.service context system_u:object_r:lvm_unit_file_t:s0->system_u:object_r:systemd_unit_file_t:s0
restorecon reset /run/systemd/generator/lvm2-activation-early.service context system_u:object_r:lvm_unit_file_t:s0->system_u:object_r:systemd_unit_file_t:s0
#

Comment 2 Milos Malik 2013-07-30 08:06:41 UTC
Much simpler reproducer:

# systemctl daemon-reload
# dmesg | tail -n 1
[668345.081136] LVM: Activation generator successfully completed.
# restorecon -Rv /run/
restorecon:  Warning no default label for /run/lightdm.pid
restorecon:  Warning no default label for /run/rhn_check.pid
restorecon:  Warning no default label for /run/rhnsd.pid
restorecon:  Warning no default label for /run/lock/subsys
restorecon:  Warning no default label for /run/lock/subsys/vhostmd
restorecon:  Warning no default label for /run/lock/subsys/network
restorecon:  Warning no default label for /run/lock/subsys/rhnmd
restorecon:  Warning no default label for /run/lock/subsys/rhnsd
restorecon:  Warning no default label for /run/lock/subsys/trace-cmd
restorecon:  Warning no default label for /run/initramfs
restorecon:  Warning no default label for /run/initramfs/rwtab
restorecon:  Warning no default label for /run/initramfs/state
restorecon:  Warning no default label for /run/initramfs/state/var
restorecon:  Warning no default label for /run/initramfs/state/var/lib
restorecon:  Warning no default label for /run/initramfs/state/var/lib/dhclient
restorecon:  Warning no default label for /run/initramfs/state/etc
restorecon:  Warning no default label for /run/initramfs/state/etc/sysconfig
restorecon:  Warning no default label for /run/initramfs/state/etc/sysconfig/network-scripts
restorecon reset /run/systemd/generator/lvm2-activation.service context system_u:object_r:lvm_unit_file_t:s0->system_u:object_r:systemd_unit_file_t:s0
restorecon reset /run/systemd/generator/lvm2-activation-early.service context system_u:object_r:lvm_unit_file_t:s0->system_u:object_r:systemd_unit_file_t:s0
#
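
An added example, not part of the bug report: a small shell filter that reduces `restorecon -v` output in the format shown in the comments above to the paths whose on-disk type differs from the policy default, plus a count of paths with no default label. The function names and the trimmed sample input are constructed here; paths are assumed to contain no spaces.

```shell
# Summarise `restorecon -v` output (format as quoted in this bug).
# On a live system a dry run changes nothing:  restorecon -Rnv /run | label_drift

# Print "path current_type policy_type" for every relabel line.
label_drift() {
    awk '
        $1 == "restorecon" && $2 == "reset" && $4 == "context" {
            split($5, ctx, "->")        # on-disk context -> policy default
            split(ctx[1], have, ":")    # user:role:type:level
            split(ctx[2], want, ":")
            print $3, have[3], want[3]
        }'
}

# Count paths for which the loaded policy has no default label at all.
unlabeled_count() {
    grep -c 'Warning no default label for' || true
}

# Constructed sample: a trimmed copy of the output quoted in the comments.
sample_output() {
    cat <<'EOF'
restorecon:  Warning no default label for /run/lightdm.pid
restorecon:  Warning no default label for /run/lock/subsys
restorecon reset /run/systemd/generator/lvm2-activation.service context system_u:object_r:lvm_unit_file_t:s0->system_u:object_r:systemd_unit_file_t:s0
restorecon reset /run/systemd/generator/lvm2-activation-early.service context system_u:object_r:lvm_unit_file_t:s0->system_u:object_r:systemd_unit_file_t:s0
EOF
}

sample_output | label_drift
```

Each output line names a file whose current type (here `lvm_unit_file_t`) disagrees with what the file-context database assigns to that path (`systemd_unit_file_t`), which is the mismatch this bug reports.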

Comment 3 Miroslav Grepl 2013-10-03 22:15:24 UTC
commit c7e6c33650472de35d38a50e2efb711ada808b10
Author: Miroslav Grepl <mgrepl>
Date:   Thu Oct 3 23:58:57 2013 +0200

    Add labeling for /usr/lib/systemd/system/lvm2.* unit files

Comment 6 Ludek Smid 2014-06-13 10:44:24 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.