This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 153711 - will misreport errors on relabelling terminal devices will misreport errors on relabelling terminal devices
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Depends On:
Blocks: 170587
  Show dependency treegraph
Reported: 2005-04-05 01:44 EDT by Russell Coker
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: pam-0.79-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-04-05 03:40:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Russell Coker 2005-04-05 01:44:26 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.0 (like Gecko)

Description of problem:
The below code from pam-0.78-selinux.patch has a bug.  It should use ptr  
instead of ttybuf when reporting the error so that if the strncmp() returns  
zero the correct data will be used.  This has been noted when su experiences  
+  if(strncmp("/dev/", tty, 5)) {  
+    snprintf(ttybuf,sizeof(ttybuf),"/dev/%s",tty);  
+    ptr = ttybuf;  
+  }  
+  else  
+    ptr = tty;  
+  if (setfilecon(ptr, context))  
+  {  
+      syslog(LOG_NOTICE,  
+             _("Warning!  Could not relabel %s with %s, not relabeling.\n"),  
+             ttybuf,context);  
+  }  
Also note that in the case of a kill -1 on the sshd for a ssh login it's  
normal that the /dev/pts device will be gone before su notices anything has  
happened.  So maybe ENOENT should not even be logged in this case. 
The URL I've given is for the fedora-selinux-list discussion of this issue. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Login via ssh and su to another account.  Then kill -1 the sshd controlling 
the session.  Note that su logs a message such as the following: 
Apr  3 11:58:51 localhost su[3659]: Warning!  Could not relabel ,
\uffff\uff7f\u0661\uffff with user_u:object_r:devpts_t, not relabeling. 

Additional info:
Comment 1 Tomas Mraz 2005-04-05 03:40:46 EDT
Should be fixed in the next pam build.

Note You need to log in before you can comment on or make changes to this bug.