Red Hat Bugzilla – Bug 138561
Installing kernel package hard links files from other kernels, causes SELinux warnings
Last modified: 2007-11-30 17:10:54 EST
Description of problem:
When a new kernel package is installed, the rpm script calls an
undocumented utility by the name of "/usr/sbin/hardlink" that
evidently finds duplicate files in different paths and hard links them
together. I suppose the point of this is to save disk space.
This hard linking causes issues with SELinux. When I run "fixfiles
relabel" afterward messages like this get syslogged:
/usr/sbin/setfiles: conflicting specifications for
Notice how it has hard linked a file in /lib/modules to a file in
/usr/src. SELinux can't handle this because the two paths use
different contents -- /lib/modules uses
"system_u:object_r:modules_object_t", while /usr/src uses
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Place a vanilla kernel in /usr/src/linux-2.6.9x and "make
bzImage/modules/modules_install/install" it from there.
2. Install kernel-2.6.9-1.667
Actual Results: Files from /lib/modules/2.6.9-1.667 and
/usr/src/linux-2.6.9x are hard linked together.
Expected Results: They should not be hard linked together. (Just get
rid of the "hardlink" call?)
What policy are you running?
This is not a bug in the policy, it's a bug in the kernel package. Files
under /usr/src should not be involved in any package install. The fact
that /usr/src may have files identical to files in kernel packages is not
relevant to the package install process.
An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem. Please update to this new kernel, and
report whether or not it fixes your problem.
If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.
This bug has been automatically closed as part of a mass update.
It had been in NEEDINFO state since July 2005.
If this bug still exists in current errata kernels, please reopen this bug.
There are a large number of inactive bugs in the database, and this is the only
way to purge them.