Bug 1386498 - selinux_restorecon -r goes up the tree
Summary: selinux_restorecon -r goes up the tree
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libselinux
Version: 7.3
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks: 1377248
TreeView+ depends on / blocked
 
Reported: 2016-10-19 06:23 UTC by Milos Malik
Modified: 2017-08-01 17:43 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 17:43:16 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1853 0 normal SHIPPED_LIVE libselinux bug fix update 2017-08-01 18:03:23 UTC

Description Milos Malik 2016-10-19 06:23:08 UTC 
Description of problem:
* the realpath(3) problem is already fixed in upstream, but it still affects RHEL-7.3

Version-Release number of selected component (if applicable):
libselinux-2.5-6.el7.x86_64
libselinux-utils-2.5-6.el7.x86_64
libselinux-python-2.5-6.el7.x86_64

How reproducible:
* always

Steps to Reproduce:
# time selinux_restorecon -R -v -C /root
specfiles SHA1 digest: 81af33658a8013c7d6ddeb889515b065a52794a7
calculated using the following specfile(s):
/etc/selinux/targeted/contexts/files/file_contexts.subs_dist
/etc/selinux/targeted/contexts/files/file_contexts.subs
/etc/selinux/targeted/contexts/files/file_contexts.bin
/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin
/etc/selinux/targeted/contexts/files/file_contexts.local
Updated digest for: /root

real	0m0.021s
user	0m0.005s
sys	0m0.016s
# time selinux_restorecon -R -v -C -r /root
specfiles SHA1 digest: 81af33658a8013c7d6ddeb889515b065a52794a7
calculated using the following specfile(s):
/etc/selinux/targeted/contexts/files/file_contexts.subs_dist
/etc/selinux/targeted/contexts/files/file_contexts.subs
/etc/selinux/targeted/contexts/files/file_contexts.bin
/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin
/etc/selinux/targeted/contexts/files/file_contexts.local
Relabeled /var/log/tuned from system_u:object_r:var_log_t:s0 to system_u:object_r:tuned_log_t:s0
Could not set context for /sys/fs/selinux:  Operation not supported
Could not set context for /sys/fs/selinux/policy_capabilities:  Operation not supported
...
<intentionally shortened>
...
Could not set context for /sys/kernel/security/securelevel:  Operation not supported
ERROR: selinux_restorecon: Success

real	0m32.700s
user	0m25.858s
sys	0m1.304s
#
Comment 3 Petr Lautrbach 2017-01-18 18:18:38 UTC 
https://github.com/SELinuxProject/selinux/commit/aa0c824bb2eeb8960ba02133faade72c837ea951
Comment 6 errata-xmlrpc 2017-08-01 17:43:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1853
Note You need to log in before you can comment on or make changes to this bug.