Bug 1502009 - file_contexts.bin: line 1 error due to: Non-ASCII characters found
Summary: file_contexts.bin: line 1 error due to: Non-ASCII characters found
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 27
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Ben Levenson
URL:
Whiteboard: https://fedoraproject.org/wiki/Common...
Keywords: CommonBugs
: 1386180 1394042 (view as bug list)
Depends On:
Blocks: ZedoraTracker PPCTracker F25s390x
TreeView+ depends on / blocked
 
Reported: 2017-10-13 17:27 UTC by Ralf Corsepius
Modified: 2017-11-28 23:54 UTC (History)
8 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2017-11-28 23:54:24 UTC


Attachments (Terms of Use)

Description Ralf Corsepius 2017-10-13 17:27:13 UTC
Description of problem:

During a "dnf install" on a just installed fc27 I encountered this:

# dnf install <somepackage>
Last metadata expiration check: 0:04:38 ago on Fri 13 Oct 2017 07:17:42 PM CEST.
...
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
/etc/selinux/targeted/contexts/files/file_contexts.bin:  line 1 error due to: Non-ASCII characters found
/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin:  line 1 error due to: Non-ASCII characters found
...

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-283.10.fc27.noarch

Comment 1 Adam Williamson 2017-10-16 21:31:06 UTC
This isn't new, I don't think, I was seeing it a while ago. Didn't get around to reporting it yet, but I don't think it's a reason to -1 the update.

Comment 2 Ralf Corsepius 2017-10-17 04:07:26 UTC
(In reply to Adam Williamson from comment #1)
> This isn't new, I don't think, I was seeing it a while ago.
I was seeing it upon the 1st update of a brand new fc27 _install_ (Not update) on a brand new machine.

> Didn't get
> around to reporting it yet, but I don't think it's a reason to -1 the update.
What else if not seeing an error in an update of brand new install is a reason to -1 an update, in your opinon? 

After testing FC27 on several machines, I know SElinux in FC27 very bugged and broken with this incident likely being one detail contributing to it.

Comment 3 Adam Williamson 2017-10-17 16:10:25 UTC
"What else if not seeing an error in an update of brand new install is a reason to -1 an update, in your opinon?"

The thing is, I don't think the bug is in the update. It happens on updates that don't involve SELinux packages at all; it's happening, I think, as a consequence of some other operation that occurs during update / install of some other packages, possibly a scriptlet, possibly a trigger.

That's why I said it doesn't make sense to -1 the update, as I don't think the update to selinux-policy is actually the cause.

I've found five other reports of the same error, now I went and looked:

https://bugzilla.redhat.com/show_bug.cgi?id=1386180 (that one seems ppc64-specific)
https://bugzilla.redhat.com/show_bug.cgi?id=1394042 (has a plausible-sounding diagnosis)
https://bugzilla.redhat.com/show_bug.cgi?id=1364173 (involves local customization)
https://bugzilla.redhat.com/show_bug.cgi?id=1499883 (suggests it happens on useradd, which would explain why it happens with some package scriptlets)
https://bugzilla.redhat.com/show_bug.cgi?id=1393651

None of those relates to this update. This should probably be made a dupe of one of them.

Comment 4 Lukas Vrabec 2017-10-19 12:28:28 UTC
*** Bug 1386180 has been marked as a duplicate of this bug. ***

Comment 5 Lukas Vrabec 2017-10-19 12:28:34 UTC
*** Bug 1394042 has been marked as a duplicate of this bug. ***

Comment 6 Petr Lautrbach 2017-10-19 15:22:51 UTC
file_contexts.bin file is regenerated by sefcontext_compile utility every time policy is rebuilt, e.g. during update, after semodule -B, ... and this file contains pre compiled pcre regexes from file_contexts.

libselinux tries to open and read /etc/selinux/targeted/contexts/files/file_contexts.bin and when there's an error, it tries to open and read /etc/selinux/targeted/contexts/files/file_contexts.

So the error message has no real impact on functionality.

The reason why you can see usually on a fresh system and on live images is that file_contexts.bin is being generated during build. But while selinux-policy is noarch, compiled regexes in file_contexts.bin are architecture dependent. And when a build occurs on an architecture with different endianness the problem appears.

We're planning to drop .bin files from selinux-policy completely. Originally we added them when there were bugs in libselinux which prevented Anaconda and Atomic systems to work without such files. It's probably not the case anymore.

For Fedora 26 it would have a small performance impact on Live and Atomic systems. On Fedora 27, there's already an investigation [1] which says that .bin files doesn't improve performance when used with PCRE2 and SELinux userspace release 2.7.

[1]  https://janzarskyblog.wordpress.com/2017/09/06/why-we-dont-need-to-ship-file_contexts-bin-with-selinux-policy/

Comment 7 Hans de Goede 2017-11-06 15:26:04 UTC
Hi,

Not shipping pre-built arch dependent .bin files in a noarch pkgs sounds like a good solution to me. But in the mean anyone doing almost anything selinux related from the cmdline is still getting these ugly errors, so can you please drop the .bin files in the next policy update ?

Regards,

Hans

Comment 8 Lukas Vrabec 2017-11-07 09:18:25 UTC
We have this in Fedora Rawhide already and back ported to the F27. This change will be part of the next selinux-policy update.

Comment 9 Adam Williamson 2017-11-07 18:48:16 UTC
Marking CommonBugs, we should document this for OOTB F27 users.

Comment 10 Fedora Update System 2017-11-22 08:56:23 UTC
selinux-policy-3.13.1-283.17.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d05b1a2ab9

Comment 11 Fedora Update System 2017-11-22 21:41:58 UTC
selinux-policy-3.13.1-283.17.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d05b1a2ab9

Comment 12 Fedora Update System 2017-11-28 23:54:24 UTC
selinux-policy-3.13.1-283.17.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.