Description of problem: No Idea. Version-Release number of selected component: policycoreutils-2.5-13.fc24 Additional info: reporter: libreport-2.7.2 backtrace_rating: 4 cmdline: /sbin/restorecon //etc/sysconfig/networking/profiles//default/resolv.conf crash_function: realpath_not_final executable: /usr/sbin/setfiles global_pid: 3859 kernel: 4.7.2-201.fc24.x86_64 pkg_fingerprint: 73BD E983 81B4 6521 pkg_vendor: Fedora Project runlevel: N 5 type: CCpp uid: 0 Truncated backtrace: Thread no. 1 (3 frames) #6 realpath_not_final at matchpathcon.c:406 #7 process_one_realpath at restore.c:425 #8 process_glob at restore.c:391
Created attachment 1201426 [details] File: backtrace
Created attachment 1201427 [details] File: cgroup
Created attachment 1201428 [details] File: core_backtrace
Created attachment 1201429 [details] File: dso_list
Created attachment 1201430 [details] File: environ
Created attachment 1201431 [details] File: limits
Created attachment 1201432 [details] File: maps
Created attachment 1201433 [details] File: mountinfo
Created attachment 1201434 [details] File: namespaces
Created attachment 1201435 [details] File: open_fds
Created attachment 1201436 [details] File: proc_pid_status
Created attachment 1201437 [details] File: var_log_messages
Would you be able to provide more information about the issue? Specifically the following would be helpfull: What were you doing when the issue occured? Are you able to reproduce it? Is the rest of the system up to date (libselinux)?
I am trying to come up with more information. Every 4 hours or so I get a CPU halting. Things continue running on the single core that is left but any call to systemd hangs, so reboot or poweroff are not possible. In fact any diagnostics I have tried have failed to produce any output I could save. I have been using docker to run services, currently I am playing around with samba, apache, postgres and jasperserver in an attempt to provide test service environments. There are two things that could cause network configuration changes as appears to have been happening. The first is me restarting containers, with perhaps changes on the ports used and firewalls. The second is that I have two wireless networks I connect to that can access the server, so the laptop path changes (IPs should remain the same). The system is a new system built about two months ago. It is updated about once or twice a week. The Docker images are also rebuilt on a regular basis. On the particular question of libselinux I have set selinux mode to permissive due to the number of problems I am having with docker containers. With the intention of switching it back on and fixing when the services are presented to the world. I hope this helps. If you need more details and can tell me what you want then I will get back to you as soon as I can.
Thanks for the report. A reproducer for this issue is quite simple: $ ln -s /etc/resolv.conf $HOME $ matchpathcon /$HOME/resolv.conf *** Error in `matchpathcon': free(): invalid pointer: 0x00000000008068b1 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x7c503)[0x7fa9a19dc503] /lib64/libselinux.so.1(realpath_not_final+0xc0)[0x7fa9a1d36d50] /lib64/libselinux.so.1(matchpathcon+0xce)[0x7fa9a1d36eee] matchpathcon[0x401215] matchpathcon[0x400f68] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7fa9a1981b35] matchpathcon[0x4010f2] or $ restorecon /$HOME/resolv.conf *** Error in `restorecon': free(): invalid pointer: 0x00007f127c44b5f1 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x7c503)[0x7f127abb6503] /lib64/libselinux.so.1(realpath_not_final+0xc0)[0x7f127b3d0d50] restorecon(+0x39fb)[0x7f127b8079fb] restorecon(+0x3bab)[0x7f127b807bab] restorecon(+0x2443)[0x7f127b806443] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f127ab5bb35] restorecon(+0x264f)[0x7f127b80664f]
The problem is in realpath_not_final(): 350 int realpath_not_final(const char *name, char *resolved_path) 351 { ... 357 tmp_path = strdup(name); ... 365 /* strip leading // */ 366 while (tmp_path[len] && tmp_path[len] == '/' && 367 tmp_path[len+1] && tmp_path[len+1] == '/') { 368 tmp_path++; 369 len++; 370 } tmp_path pointer is moved forward. 405 out: 406 free(tmp_path); 407 return rc; 408 } and here is an attempt to free() the moved pointer.
Pull request: https://github.com/fedora-selinux/selinux/pull/30 Please use the following scratch build until fixed package is available. http://koji.fedoraproject.org/koji/taskinfo?taskID=16196593
The fix appears to clear up a number of probelms I had with SELinux. I have been running with SELinux enabled for a few days without any problems. Thanks
Thanks for the testing! Upstream commit - https://github.com/SELinuxProject/selinux/commit/0776dca5758af7c64435c7cead44517e768e5a52
libselinux-2.5-13.fc25 policycoreutils-2.5-18.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-17b60ec8d1
secilc-2.5-6.fc24 checkpolicy-2.5-8.fc24 policycoreutils-2.5-15.fc24 libsemanage-2.5-6.fc24 libselinux-2.5-12.fc24 libsepol-2.5-10.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-e780970d04
libselinux-2.5-13.fc25, policycoreutils-2.5-18.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-17b60ec8d1
checkpolicy-2.5-8.fc24, libselinux-2.5-12.fc24, libsemanage-2.5-6.fc24, libsepol-2.5-10.fc24, policycoreutils-2.5-15.fc24, secilc-2.5-6.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-e780970d04
libselinux-2.5-13.fc25, policycoreutils-2.5-18.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
checkpolicy-2.5-8.fc24, libselinux-2.5-12.fc24, libsemanage-2.5-6.fc24, libsepol-2.5-10.fc24, policycoreutils-2.5-15.fc24, secilc-2.5-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.