Bug 160755 - /sbin/losetup -e blowfish /dev/loop0 /var/local/existing_file # fails
/sbin/losetup -e blowfish /dev/loop0 /var/local/existing_file # fails
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: util-linux (Show other bugs)
4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Karel Zak
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-17 01:02 EDT by Stephen P. Schaefer
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-29 05:22:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen P. Schaefer 2005-06-17 01:02:32 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
[root@thyrsus-laptop ~]# ls -l /var/local/cdata
-rwx------  1 root root 2097152000 Jun 16 23:37 /var/local/cdata
[root@thyrsus-laptop ~]# lsmod
Module                  Size  Used by
blowfish                9153  0
cryptoloop              3521  0
loop                   18121  1 cryptoloop
radeon                 76609  1
drm                    70101  2 radeon
parport_pc             28933  1
lp                     13001  0
parport                40585  2 parport_pc,lp
autofs4                29253  2
rfcomm                 42333  0
l2cap                  30661  5 rfcomm
bluetooth              56133  4 rfcomm,l2cap
sunrpc                167813  1
pcmcia                 29025  2
ipt_REJECT              5569  1
ipt_state               1857  2
ip_conntrack           41497  1 ipt_state
iptable_filter          2881  1
ip_tables              19521  3 ipt_REJECT,ipt_state,iptable_filter
video                  15941  0
button                  6609  0
battery                 9413  0
ac                      4805  0
md5                     4033  1
ipv6                  268097  10
ohci1394               41353  0
ieee1394              304441  1 ohci1394
yenta_socket           21449  1
rsrc_nonstatic         12737  1 yenta_socket
pcmcia_core            50909  3 pcmcia,yenta_socket,rsrc_nonstatic
ohci_hcd               26849  0
shpchp                 94405  0
i2c_ali1535             7365  0
i2c_core               21569  1 i2c_ali1535
snd_ali5451            28933  1
snd_ac97_codec         75961  1 snd_ali5451
snd_seq_dummy           3653  0
snd_seq_oss            37057  0
snd_seq_midi_event      9153  1 snd_seq_oss
snd_seq                62289  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device          8781  3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss            51185  0
snd_mixer_oss          17857  1 snd_pcm_oss
snd_pcm               100169  3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
snd_timer              33605  2 snd_seq,snd_pcm
snd                    57157  11 snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
soundcore              10913  1 snd
snd_page_alloc          9669  1 snd_pcm
natsemi                34849  0
floppy                 65269  0
joydev                  9601  0
dm_snapshot            17413  0
dm_zero                 2113  0
dm_mirror              26029  0
ext3                  132553  2
jbd                    86233  1 ext3
dm_mod                 58101  6 dm_snapshot,dm_zero,dm_mirror
[root@thyrsus-laptop ~]# /sbin/losetup -e blowfish /dev/loop0 /var/local/cdata
/var/local/cdata: Permission denied


Version-Release number of selected component (if applicable):
util-linux-2.12p-9.3; selinux-policy-targeted-1.23.16-6

How reproducible:
Always

Steps to Reproduce:
1. [root@thyrsus-laptop ~]# ls -l /var/local/cdata
-rwx------  1 root root 2097152000 Jun 16 23:37 /var/local/cdata
2. [root@thyrsus-laptop ~]# lsmod # blowfish, cryptoloop, loop modules loaded
Module                  Size  Used by
blowfish                9153  0
cryptoloop              3521  0
loop                   18121  1 cryptoloop
radeon                 76609  1
drm                    70101  2 radeon
parport_pc             28933  1
lp                     13001  0
parport                40585  2 parport_pc,lp
autofs4                29253  2
rfcomm                 42333  0
l2cap                  30661  5 rfcomm
bluetooth              56133  4 rfcomm,l2cap
sunrpc                167813  1
pcmcia                 29025  2
ipt_REJECT              5569  1
ipt_state               1857  2
ip_conntrack           41497  1 ipt_state
iptable_filter          2881  1
ip_tables              19521  3 ipt_REJECT,ipt_state,iptable_filter
video                  15941  0
button                  6609  0
battery                 9413  0
ac                      4805  0
md5                     4033  1
ipv6                  268097  10
ohci1394               41353  0
ieee1394              304441  1 ohci1394
yenta_socket           21449  1
rsrc_nonstatic         12737  1 yenta_socket
pcmcia_core            50909  3 pcmcia,yenta_socket,rsrc_nonstatic
ohci_hcd               26849  0
shpchp                 94405  0
i2c_ali1535             7365  0
i2c_core               21569  1 i2c_ali1535
snd_ali5451            28933  1
snd_ac97_codec         75961  1 snd_ali5451
snd_seq_dummy           3653  0
snd_seq_oss            37057  0
snd_seq_midi_event      9153  1 snd_seq_oss
snd_seq                62289  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device          8781  3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss            51185  0
snd_mixer_oss          17857  1 snd_pcm_oss
snd_pcm               100169  3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
snd_timer              33605  2 snd_seq,snd_pcm
snd                    57157  11 snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
soundcore              10913  1 snd
snd_page_alloc          9669  1 snd_pcm
natsemi                34849  0
floppy                 65269  0
joydev                  9601  0
dm_snapshot            17413  0
dm_zero                 2113  0
dm_mirror              26029  0
ext3                  132553  2
jbd                    86233  1 ext3
dm_mod                 58101  6 dm_snapshot,dm_zero,dm_mirror
3. [root@thyrsus-laptop ~]# /sbin/losetup -e blowfish /dev/loop0 /var/local/cdata
/var/local/cdata: Permission denied
 

Actual Results:  /var/local/cdata: Permission denied


Expected Results:  Password:

(prompt for password)

Additional info:

This worked in Fedora Core 2 and Fedora Core 3; if I had to bet, I'd put money on it being a problem with the default (targeted, right?) SELinux configuration.  However, there are no messages corresponding to the event in /var/log/messages, where, at least at one point, SELinux audit messages were sent.  If there is some sort of logging I can turn on, I'll be happy to do so.  An strace of the losetup process contains the line:

open("/var/local/cdata", O_RDWR|O_LARGEFILE) = -1 EACCES (Permission denied)
Comment 1 Nils Toedtmann 2005-06-20 08:58:06 EDT
I can confirm this bug. Upgraded from FC3 to FC4 and have to "setenforce 0"
since for loopback mounts. 

I have moved the image file around the filesystem and did 

  setfiles /etc/selinux/targeted/contexts/files/file_contexts $imagefile

but it did not help. Tried to find a valid security context ("chcon") for the
image file but failed. Always got something like

  avc: denied ... comm="losetup" ... scontext=root:system_r:fsadm_t tcontext=...
tclass=file

Using FC4, 2.6.11-1.1369_FC4xen0, util-linux-2.12p-9.5
, selinux-policy-targeted-1.23.16-6
Comment 2 Nils Toedtmann 2005-06-20 09:04:00 EDT
Bug #160859 is a duplicate of this. It has a good summary line.
Comment 3 Nils Toedtmann 2005-06-20 09:12:26 EDT
xen does not work on image files because of this bug. "xm create" fails when
xend tries to assing a /dev/loop* to the imagefile. But when i do 

  setenforce 0
  losetup /dev/loop0 /home/xen/domain1-rootfs
  setenforce 1
  xm create domain1

it works.
Comment 4 Nils Toedtmann 2005-06-21 05:18:02 EDT
An upgrade to selinux-policy-targeted-1.23.18-12 resolved this issue for me. Now
i can do "losetup" and "mount -o loop" again.

Unfortunately, xen's "xm create" still does not work. Will open xen bug entry
for this.
Comment 5 Nils Toedtmann 2005-06-21 05:57:07 EDT
See bug #161195.
Comment 6 Stephen P. Schaefer 2005-06-23 08:50:50 EDT
I ran up2date last night, bringing in selinux-policy-targeted-1.23.18-12, and
this is working as I'd like.  I'd be happy to see this declared resolved.  The
form would seem to allow me to do that, but I'm not familiar enough with the QA
requirements to feel comfortable doing that.  I haven't (yet) tried xen.
Comment 7 Karel Zak 2005-06-29 05:22:09 EDT
Thanks for your feedback.

Note You need to log in before you can comment on or make changes to this bug.