Bug 111752 - assertion failure
assertion failure
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: prelink (Show other bugs)
1.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-12-09 12:34 EST by Tim Waugh
Modified: 2007-04-18 13:00 EDT (History)
2 users (show)

See Also:
Fixed In Version: 0.3.0-17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-12-27 10:55:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
typescript of gdb session (28.57 KB, text/plain)
2003-12-09 12:35 EST, Tim Waugh
no flags Details
/var/log/prelink.log after a prelink-0.3.0-15 run (42.38 KB, text/plain)
2003-12-09 13:10 EST, Tim Waugh
no flags Details
/var/log/prelink.log after a prelink-0.3.0-15 run (335.39 KB, text/plain)
2003-12-09 13:11 EST, Tim Waugh
no flags Details

  None (edit)
Description Tim Waugh 2003-12-09 12:34:51 EST
Description of problem:
[...]
Prelinking /usr/lib/libgnomesupport.so.0.0.0
/usr/sbin/prelink: cannot get security context for
/usr/lib/libgnomesupport.so.0.0.0 : No data available
prelink: dso.c:1624: close_dso: Assertion `dso->temp_filename !=
((void *)0)' failed.

Version-Release number of selected component (if applicable):
prelink-0.3.0-16.sel

How reproducible:
100%

Steps to Reproduce:
1. Run prelink, or wait until it runs from cron.
2. See /var/log/prelink.log.
  
See attached gdb run.
Comment 1 Tim Waugh 2003-12-09 12:35:34 EST
Created attachment 96429 [details]
typescript of gdb session
Comment 2 Tim Waugh 2003-12-09 12:35:55 EST
This is on kernel 2.6.0-0.test11.1.9.
Comment 3 Tim Waugh 2003-12-09 13:06:39 EST
0.3.0-15 does not give an assertion failure (but it also fails to
prelink anything due to lack of security contexts).
Comment 4 Tim Waugh 2003-12-09 13:10:28 EST
Created attachment 96430 [details]
/var/log/prelink.log after a prelink-0.3.0-15 run
Comment 5 Tim Waugh 2003-12-09 13:11:48 EST
Created attachment 96431 [details]
/var/log/prelink.log after a prelink-0.3.0-15 run

(oops, wrong file last time)
Comment 6 Jakub Jelinek 2003-12-09 13:22:29 EST
Dan, your patch is certainly buggy in the error path handling
(it can do double free etc.).
Please look at prelink-0.3.0-15 in dist-fc2 where is some
selinux stuff already incorporated.
The main thing is that neither of these is right.
What prelink should do is around creating of the temporary files
use some very minimal setfscreatecon which will allow it only to
write the file into the system directories, but they even shouldn't
be executable at all, etc.
Then, after the file is actually written fully, right before rename,
it should be given the desired security context copied from the origin

I haven't implemented this because I have no idea how to create such
context.
Comment 7 Daniel Walsh 2003-12-09 15:17:47 EST
I have redone the patch in prelink-0.3.0-16.sel on Nov 19th.

Could you check out this patch.

Dan
Comment 8 Jakub Jelinek 2003-12-09 15:22:20 EST
That's the patch I was talking about.
The abort Tim got was from 16.sel.
Now, when Tim has SELinux capable kernel, what are the reasons why
could getfilecon fail (with ENODATA)? Shoudl that be always considered
as fatal thing?
If you tell me how the very little priviledged context can be created,
I'll update prelink.
Comment 9 Jakub Jelinek 2003-12-10 03:32:36 EST
Please try prelink-0.3.0-17 in dist-fc2-scratch.
Comment 10 Tim Waugh 2003-12-10 05:09:52 EST
0.3.0-17 works fine.

Note You need to log in before you can comment on or make changes to this bug.