When doing a "rpm -V" on an installed package that owns files in /tmp
or /var/tmp, rpmv crashes. This is rpm-4.4.1-21 on FC4.
The crash also leaves rpmdb locked, and the usual rm /var/lib/rpm/__db* helps.
This seems to be a pathological case, as it seems to happen only with /tmp
and /var/tmp, but a crash is a crash...
Created attachment 116117 [details]
Created attachment 116118 [details]
Console output of the crash
Created attachment 116120 [details]
Looks like the Fedora specific matchpathcon stuff, I'll investigate thanks.
Are you running with selinux, can you also do:
ls -lZ /tmp/crashme
Yep, selinux-policy-targeted-1.23.18-12 and enforcing.
$ ls -lZ /tmp/crashme
-rw-r--r-- root root root:object_r:tmp_t /tmp/crashme
I also see that I posted mismatching specfile (package "test4") and backtraces
(from "rpm -V test"), that was the result of trying to minimize the case and
losing track of the "generations" while at it. Sorry about that. Anyway, the
attached specfile in comment 1 can still be used to reproduce the crash here.
Thanks for reproducer and tracebacks, I have a patch that I'm testing will be in
rawhide 4.4.2-4. This is in the fedora matchpathcon selinux impl not in
upstream rpm, basically unchecked path.
If you can test I'll try and get a fix to FC4.
Either there's still a segfault in strcmp, or con is never NULL:
diff -u rpm-4.4.2/lib/verify.c rpm-4.4.2/lib/verify.c
--- rpm-4.4.2/lib/verify.c 2005-07-21 16:47:11.000000000 -0400
+++ rpm-4.4.2/lib/verify.c 2005-08-26 12:23:35.000000000 -0400
@@ -138,8 +138,10 @@
if (fcontext == NULL || strcmp(fcontext, con))
*res |= RPMVERIFY_CONTEXTS;
+ if (con != NULL)
+ if (fcontext != NULL)
The rpm-4.4.2-matchpathcon.patch patch breaks --without-selinux gratuitously, and *still*
does not use dlopen().
Thanks for looking into this. But I don't have a Rawhide box to test with,
and FWIW, I don't think this is necessarily serious enough a problem to
warrant an FC4 erratum.
Ville tomorrows rawhide rpm should work better.
This problem is presumably fixed.
*** Bug 176543 has been marked as a duplicate of this bug. ***
*** Bug 173885 has been marked as a duplicate of this bug. ***