152247 – Could not relabel /dev/pts/x

Bug 152247 - Could not relabel /dev/pts/x

Summary: Could not relabel /dev/pts/x

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	3
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-03-26 19:12 UTC by Adam Bowns
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-03-28 18:59:36 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Adam Bowns 2005-03-26 19:12:16 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I keep noticing the following warning message in /var/log/messages

Warning! Could not relabel /dev/pts/1 with user_u:object_r:devpts_t, not relabeling.Operation not permitted

Sometimes the message has a different number eg. /dev/pts/2, /dev/pts/0.

I think it is being caused by running a "fixfiles relabel" when "su -" as root at a terminal.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.90

How reproducible:
Sometimes

Steps to Reproduce:
1. Log in as normal user.
2. Open terminal.
3. su -
4. fixfiles relabel
  

Actual Results:  Sometimes the warning message appears.

Expected Results:  No warning message.

Additional info:

Comment 1 Daniel Walsh 2005-03-28 16:00:44 UTC

First off why are you fixfiles relabeling all the time?

This is denying you the right to relabel the terminal you are currently on.  So
this is expected and probably what you want.  When you  exit the su the terminal
will get set back to the default.

Dan

Comment 2 Adam Bowns 2005-03-28 18:11:50 UTC

I'm probably going about it the wrong way, but the reason I've been doing a
fixfiles relabel is if I've copied something say from root's directory to my
home directory and set the permissions and ownership the same way I would do on
a non SELinux system, you still need to change each files SELinux attributes in
order to read them, the only reason I've been using fixfiles relabel for this is
its quicker than going through each file individually... probably a misuse of
the program, but it seems to do the job :-)

This is probably not a bug then.

Regards,
Adam

Comment 3 Daniel Walsh 2005-03-28 18:59:36 UTC

You probably want to use restorecon for this.

restorecon -R -v /home/USERNAME 
Would recursively walk the homedirectory and fix the context.  
restorecon -v /home/USERNAME/file_name 
Fixes it for a single file.

cp should pick up the security context of the destination directory if it is not
going across mount points.

chcon also alows you to set the security context for an individual file.  It has
similar command to chmod.  chcon -t user_home_t /home/USERNAME/file_name would
change the type componant to user_home_t.

fixfiles relabel will run through the entire file system and read every single file.

Dan

Note You need to log in before you can comment on or make changes to this bug.