Description of problem: Installation of selinux-policy-mls-3.13.1-148.fc24.noarch seems to have exposed a bug in libselinux, which results in an error message from /bin/su The problem seems to be that -148 adds a file_contexts.local.bin, which seems to be giving libselinux indigestion. strace of the problematic area: open("/etc/selinux/mls/contexts/files/file_contexts.local", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 open("/etc/selinux/mls/contexts/files/file_contexts.local.bin", O_RDONLY|O_CLOEXEC) = 6 fstat(6, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 mmap(NULL, 0, PROT_READ, MAP_PRIVATE, 6, 0) = -1 EINVAL (Invalid argument) gdb traceback: Breakpoint 1, mmap64 () at ../sysdeps/unix/syscall-template.S:84 84 T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS) (gdb) where #0 mmap64 () at ../sysdeps/unix/syscall-template.S:84 #1 0x00007feeef6c4fef in load_mmap (rec=0x557ca26ef810, sb=0x7ffc075846e0, sb=0x7ffc075846e0, path=0x7ffc07584800 "/etc/selinux/mls/contexts/files/file_contexts.local") at label_file.c:292 #2 process_file (path=0x7ffc07584800 "/etc/selinux/mls/contexts/files/file_contexts.local", path@entry=0x557ca26ef8f0 "/etc/selinux/mls/contexts/files/file_contexts", suffix=suffix@entry=0x7feeef6cc6e2 "local", rec=rec@entry=0x557ca26ef810, prefix=prefix@entry=0x0) at label_file.c:468 #3 0x00007feeef6c5d69 in init (rec=0x557ca26ef810, opts=<optimized out>, n=<optimized out>) at label_file.c:543 #4 0x00007feeef6c781f in selabel_open (backend=0, opts=0x0, nopts=0) at label.c:182 #5 0x00007feeeabb6b86 in pam_sm_open_session () from /usr/lib64/security/pam_xauth.so #6 0x00007feef71ac33a in _pam_dispatch () from /lib64/libpam.so.0 #7 0x0000557ca1f3d5e2 in su_main () #8 0x00007feef6bfa600 in __libc_start_main (main=0x557ca1f3c8d0 <main>, argc=1, argv=0x7ffc075c8068, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc075c8058) at ../csu/libc-start.c:289 #9 0x0000557ca1f3c909 in _start () (gdb) c Continuing. mmap: Invalid argument Looks like the problem is in src/label_file.c, function load_map(), near here: rc = fstat(mmapfd, &mmap_stat); if (rc < 0) { close(mmapfd); return -1; } Probably needs this: if (!mmap_stat.st_size) { close(mmapfd); return -1; } Version-Release number of selected component (if applicable): libselinux-2.4-3.fc24.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
selinux-policy ships an empty /etc/selinux/mls/contexts/files/file_contexts.local.bin file. libselinux tries to mmap it and fails. This bug should be harmless, it's just an error on strderr.
Error also happens on dracut, and presumably on any other software that tries to label a file context. Harmless or not, unexpected error messages are something you *don't* want to see on security-relevant commands like su and dracut..
Valdis, This should be fixed in the latest selinux-policy rpm package. Could you re-test it? Thanks.
Sorry for the delay, missed the notification that commetn 5 was there. Yes, as of current rawhide, su and dracut are working as expected...
Thanks!