Bug 138561 - Installing kernel package hard links files from other kernels, causes SELinux warnings
Summary: Installing kernel package hard links files from other kernels, causes SELinux...
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 3
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Russell Coker
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-09 21:44 UTC by Jordan Russell
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-10-03 01:21:51 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Jordan Russell 2004-11-09 21:44:23 UTC
Description of problem:
When a new kernel package is installed, the rpm script calls an
undocumented utility by the name of "/usr/sbin/hardlink" that
evidently finds duplicate files in different paths and hard links them
together. I suppose the point of this is to save disk space.

This hard linking causes issues with SELinux. When I run "fixfiles
relabel" afterward messages like this get syslogged:

/usr/sbin/setfiles:  conflicting specifications for
/lib/modules/2.6.9-1.667/build/usr/Makefile and
/usr/src/linux-2.6.9x/usr/Makefile, using
system_u:object_r:modules_object_t.

Notice how it has hard linked a file in /lib/modules to a file in
/usr/src. SELinux can't handle this because the two paths use
different contents -- /lib/modules uses
"system_u:object_r:modules_object_t", while /usr/src uses
"system_u:object_r:src_t".
(See /etc/selinux/targeted/src/policy/file_contexts/file_contexts.)

Version-Release number of selected component (if applicable):
kernel-2.6.9-1.667

How reproducible:
Always

Steps to Reproduce:
1. Place a vanilla kernel in /usr/src/linux-2.6.9x and "make
bzImage/modules/modules_install/install" it from there.
2. Install kernel-2.6.9-1.667

Actual Results:  Files from /lib/modules/2.6.9-1.667 and
/usr/src/linux-2.6.9x are hard linked together.

Expected Results:  They should not be hard linked together. (Just get
rid of the "hardlink" call?)

Additional info:

Comment 1 Daniel Walsh 2005-04-19 15:59:34 UTC
What policy are you running?

Dan

Comment 2 Russell Coker 2005-04-20 04:46:05 UTC
This is not a bug in the policy, it's a bug in the kernel package.  Files 
under /usr/src should not be involved in any package install.  The fact 
that /usr/src may have files identical to files in kernel packages is not 
relevant to the package install process. 

Comment 4 Dave Jones 2005-07-15 19:18:10 UTC
An update has been released for Fedora Core 3 (kernel-2.6.12-1.1372_FC3) which
may contain a fix for your problem.   Please update to this new kernel, and
report whether or not it fixes your problem.

If you have updated to Fedora Core 4 since this bug was opened, and the problem
still occurs with the latest updates for that release, please change the version
field of this bug to 'fc4'.

Thank you.

Comment 5 Dave Jones 2005-10-03 01:21:51 UTC
This bug has been automatically closed as part of a mass update.
It had been in NEEDINFO state since July 2005.
If this bug still exists in current errata kernels, please reopen this bug.

There are a large number of inactive bugs in the database, and this is the only
way to purge them.

Thank you.


Note You need to log in before you can comment on or make changes to this bug.