1366608 – [fix available] Error setting extended attribute 'security.selinux': Operation not supported

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1366608 - [fix available] Error setting extended attribute 'security.selinux': Operation not supported

Summary: [fix available] Error setting extended attribute 'security.selinux': Operatio...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	evince
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Caolan McNamara
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:	1022649 1386851
Blocks:
TreeView+	depends on / blocked

Reported:	2016-08-12 12:40 UTC by Vera Budikova
Modified:	2017-08-02 06:51 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1022649
Environment:
Last Closed:	2017-08-01 18:32:52 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNOME Bugzilla	692552	0	None	None	None	2016-08-12 12:40:07 UTC

Description Vera Budikova 2016-08-12 12:40:08 UTC

+++ This bug was initially created as a clone of Bug #1022649 +++

Description of problem:
I tried to save a PDF file open in evince to disk. Evince was launched from thunderbird, I'm not sure if it matters here. The directory to save into is mounted using NFS4 (with sec=sys, no selinux support). Evince saved the file successfully, but displayed an error message.

---8<-----
The file could not be saved as “file:///home/zbyszek/neuro/pub/ssa/HepburnFrontiersCompNeuro2013.pdf”.

Error setting extended attribute 'security.selinux': Operation not supported
--->8-----

Version-Release number of selected component (if applicable):
evince-3.10.0-1.fc20.x86_64

Expected results:
That evince ignores settings not applicable to a file system, and doesn't say "failed to save", when it actually saved successfully.

--- Additional comment from Zbigniew Jędrzejewski-Szmek on 2013-10-23 13:40:15 EDT ---



--- Additional comment from Steeve McCauley on 2013-11-15 07:22:35 EST ---

I've also seen this, for a few versions of fedora at least.  Currently at Fedora 19, mountpoint is nfs4.

--- Additional comment from Milan Bouchet-Valat on 2014-09-01 06:35:31 EDT ---

I'm seeing the same on F20, with a BTRFS /home, when trying to save a PDF downloaded and opened via Firefox (which saves to /var/tmp, a ext4 partition). Looks like Mozilla is the common factor here.

--- Additional comment from Marek Kašík on 2014-09-01 11:22:13 EDT ---

There is an upstream bug for this. I've attached there a patch which at least says that setting of an attribute failed instead of saying that the save failed.

--- Additional comment from Milan Bouchet-Valat on 2014-09-01 11:27:12 EDT ---

Great, thanks!

I'd still like to find out what's causing the extended attributes issue in the first place. My /home definitely supports them...

--- Additional comment from Rodrigo Kassick on 2015-04-03 11:46:11 EDT ---

I think the issue is quite mundane.

Firefox saves files to /tmp with permissions 0400/-r--------  

When Firefox calls evince to open the file and the user uses "Save as" to store the file elsewhere in their filesystem, it simply copies the file with the same permissions. The file saved in the home directory has permissions 0400 as well.

Calling setattr in a file with read-only permissions results in "permission denied" .

I'm guessing the problem is simply permissions, rather then extended attributes

--- Additional comment from Milan Bouchet-Valat on 2015-04-03 12:09:15 EDT ---

Good catch. So looks like there are two bugs here:
1) Firefox should copy files with write permissions.
2) Evince shouldn't complain with a cryptic error when it cannot write to a file (after all, we only want to view it...).

--- Additional comment from Fedora End Of Life on 2015-05-29 05:37:11 EDT ---

This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

--- Additional comment from Steeve McCauley on 2015-05-29 07:17:28 EDT ---

The bug still exists when using "Save a copy ..." in evince 3.14.2 to an nfs mounted filesystem.  This happens whether the file was saved with firefox or opened and saved using evince, so firefox doesn't enter into this issue at all.

I just verified this in Fedora 21.

The error message is still a fatal message: The file could not be saved as "file:///nfs/mount/foo.pdf".
Error setting extended attribute 'security.selinux': operation not supported

But the file most definitely is saved.

--- Additional comment from Zbigniew Jędrzejewski-Szmek on 2015-05-29 12:23:38 EDT ---

I saw this recently in F21.

--- Additional comment from Dominik Grafenhofer on 2015-06-26 02:23:26 EDT ---

I observe the same problem on F22 when opening PDFs in evince (3.16.1) via firefox.

--- Additional comment from Fedora End Of Life on 2015-11-04 06:14:57 EST ---

This message is a reminder that Fedora 21 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 21. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '21'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 21 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

--- Additional comment from Daniel on 2015-11-04 15:45:16 EST ---

problem still exists in Fedora 23 evince 3.18.0

--- Additional comment from  on 2015-12-29 08:48:32 EST ---

Saw similar in FC23.  File was saved to disk (worked with both a local save to /tmp and an nfs save to homedir).  Oddly, reference to nfs4_acl was also on /tmp which is local.

The file could not be saved as “file:///tmp/testForm.pdf”.
Error setting extended attribute 'system.nfs4_acl': Operation not supported

--- Additional comment from Steeve McCauley on 2016-06-08 09:52:16 EDT ---

Problem still exists in FC24 (beta) evince 3.20.


Package version: evince-3.14.2-17.el7.x86_64

Comment 2 Caolan McNamara 2017-01-16 10:55:30 UTC

rebasing to 3.22-1.4 gets this bundled in

Note You need to log in before you can comment on or make changes to this bug.