Bug 1281877 - a new restorecond process is created each time the root user logs in from gui
a new restorecond process is created each time the root user logs in from gui
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: policycoreutils (Show other bugs)
6.7
All Linux
unspecified Severity unspecified
: rc
: ---
Assigned To: Petr Lautrbach
Milos Malik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-13 11:53 EST by João Avelino Bellomo Filho
Modified: 2016-05-10 13:03 EDT (History)
6 users (show)

See Also:
Fixed In Version: policycoreutils-2.0.83-26.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-10 13:03:35 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description João Avelino Bellomo Filho 2015-11-13 11:53:50 EST
Description of problem:

Each time the 'root' login from GUI a new restorecond process is created.

Version-Release number of selected component (if applicable):

RHEL 6.7

How reproducible:

Steps to Reproduce:
1. Login on a RHEL 6.7 Desktop from GUI. 

2. Logout

3. Login again on a RHEL 6.7 Desktop from GUI. 

4. Open a terminal window and execute the follow command line:

ps auxww | grep restorecond

Actual results:

. There are two 'restorecond -u' processes running:

root      2607  0.0  2.3  49932 23876 ?        Ss   14:45   0:00 /usr/sbin/restorecond -u
root      3143  0.0  2.3  49932 23636 ?        Ss   14:46   0:00 /usr/sbin/restorecond -u
root      3214  0.0  0.0 103312   864 pts/0    S+   14:46   0:00 grep restorecond

Expected results:

. Should be only one 'restorecond -u' process:

root      3143  0.0  2.3  49932 23636 ?        Ss   14:46   0:00 /usr/sbin/restorecond -u
root      3214  0.0  0.0 103312   864 pts/0    S+   14:46   0:00 grep restorecond

Additional info:

The issue happens due to the XDG auto start configuration. The '/etc/xdg/autostart/restorecond.desktop' configures the automatic execution of 'restorecond' command as user mode for all users ('root' included). But as the 'root' user the process behavior is different. It does not stop when the 'root' session is closed. So, each time the 'root' login a new session a new 'restorecond' process is created.
Comment 1 Milos Malik 2015-11-13 12:09:36 EST
I can confirm that it does not happen for common users (including confined users), but it happens for the root user. After 3 logins and 3 logouts as root you can see following:

# ps -efZ | grep rest
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 17953 1  0 18:05 ? 00:00:00 /usr/sbin/restorecond -u
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 18751 1  0 18:06 ? 00:00:00 /usr/sbin/restorecond -u
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 19868 1  0 18:08 ? 00:00:00 /usr/sbin/restorecond -u
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 20030 9894  0 18:08 pts/0 00:00:00 grep rest
#
Comment 3 Petr Lautrbach 2016-01-07 08:08:05 EST
We can treat root as a regular user when -u is used:

--- a/restorecond/restorecond.c
+++ b/restorecond/restorecond.c
@@ -205,9 +205,11 @@ int main(int argc, char **argv)
                exitApp("getpwuid");
 
        homedir = pwd->pw_dir;
+
+       if (run_as_user)
+               return server(master_fd, user_watch_file);
+
        if (uid != 0) {
-               if (run_as_user)
-                       return server(master_fd, user_watch_file);
                if (start() != 0)
                        return server(master_fd, user_watch_file);
                return 0;
Comment 8 errata-xmlrpc 2016-05-10 13:03:35 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0791.html

Note You need to log in before you can comment on or make changes to this bug.