Bug 165912 - Many programs has "avc: denied" in selinux-policy-targeted-1.25.4-1
Summary: Many programs has "avc: denied" in selinux-policy-targeted-1.25.4-1
Keywords:
Status: CLOSED DUPLICATE of bug 169427
Alias: None
Product: Fedora
Classification: Fedora
Component: mkinitrd
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Peter Jones
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-08-14 01:16 UTC by sangu
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-11-02 19:41:28 UTC
Type: ---
Embargoed:


Attachments
dmesg in kernel-2.6.13-1.1525_FC5 (58.21 KB, text/plain)
2005-08-30 07:15 UTC, sangu

Description sangu 2005-08-14 01:16:17 UTC
Description of problem:
$ dmesg | grep avc
audit(1124008599.700:2): avc:  denied  { read } for  pid=458 comm="restorecon"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:restorecon_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1124008601.713:3): avc:  denied  { use } for  pid=902 comm="kmodule"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1124008612.409:4): avc:  denied  { read } for  pid=1335 comm="ifconfig"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1124008621.874:5): avc:  denied  { use } for  pid=1364 comm="hwclock"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:hwclock_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976222.716:6): avc:  denied  { read } for  pid=1415 comm="restorecon"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:restorecon_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976223.472:7): avc:  denied  { use } for  pid=1422 comm="fsck"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:fsadm_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976223.596:8): avc:  denied  { read } for  pid=1428 comm="restorecon"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:restorecon_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976223.712:9): avc:  denied  { read } for  pid=1429 comm="restorecon"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:restorecon_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976224.616:10): avc:  denied  { read } for  pid=1468 comm="restorecon"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:restorecon_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976224.820:11): avc:  denied  { read } for  pid=1473 comm="restorecon"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:restorecon_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976224.952:12): avc:  denied  { use } for  pid=1475 comm="swapon"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:fsadm_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976225.896:13): avc:  denied  { read } for  pid=1532 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976225.916:14): avc:  denied  { read } for  pid=1534 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976225.944:15): avc:  denied  { read } for  pid=1536 comm="iwconfig"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.004:16): avc:  denied  { read } for  pid=1538 comm="ethtool"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.036:17): avc:  denied  { read } for  pid=1541 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.056:18): avc:  denied  { use } for  pid=1542 comm="arping"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:netutils_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976226.056:19): avc:  denied  { read } for  pid=1543 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.076:20): avc:  denied  { use } for  pid=1545 comm="arping"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:netutils_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976226.084:21): avc:  denied  { read } for  pid=1549 comm="ethtool"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.088:22): avc:  denied  { read } for  pid=1551 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.176:23): avc:  denied  { read } for  pid=1563 comm="ifconfig"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.280:24): avc:  denied  { read } for  pid=1601 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.288:25): avc:  denied  { read } for  pid=1604 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.296:26): avc:  denied  { read } for  pid=1607 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.300:27): avc:  denied  { read } for  pid=1609 comm="iwconfig"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.304:28): avc:  denied  { read } for  pid=1611 comm="ethtool"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.324:29): avc:  denied  { read } for  pid=1616 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.328:30): avc:  denied  { read } for  pid=1618 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.348:31): avc:  denied  { read } for  pid=1620 comm="mii-tool"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.356:32): avc:  denied  { read } for  pid=1626 comm="ethtool"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976226.380:33): avc:  denied  { read } for  pid=1629 comm="dhclient"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.124:34): avc:  denied  { use } for  pid=1678 comm="arping"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:netutils_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976228.236:35): avc:  denied  { read } for  pid=1705 comm="ethtool"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.240:36): avc:  denied  { read } for  pid=1707 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.268:37): avc:  denied  { read } for  pid=1718 comm="ifconfig"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.364:38): avc:  denied  { read } for  pid=1753 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.368:39): avc:  denied  { read } for  pid=1756 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.376:40): avc:  denied  { read } for  pid=1759 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.380:41): avc:  denied  { read } for  pid=1761 comm="iwconfig"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.384:42): avc:  denied  { read } for  pid=1763 comm="ethtool"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.396:43): avc:  denied  { read } for  pid=1768 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976228.400:44): avc:  denied  { use } for  pid=1769 comm="arping"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:netutils_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976232.428:45): avc:  denied  { read } for  pid=1770 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976232.432:46): avc:  denied  { read } for  pid=1772 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976232.436:47): avc:  denied  { use } for  pid=1773 comm="arping"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:netutils_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976232.452:48): avc:  denied  { read } for  pid=1778 comm="ethtool"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976232.456:49): avc:  denied  { read } for  pid=1780 comm="ip"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976232.488:50): avc:  denied  { read } for  pid=1791 comm="ifconfig"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1123976232.636:51): avc:  denied  { use } for  pid=1810 comm="syslogd"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:syslogd_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976232.736:52): avc:  denied  { use } for  pid=1812 comm="klogd"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:klogd_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976234.452:53): avc:  denied  { use } for  pid=1856 comm="arping"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:netutils_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976235.296:54): avc:  denied  { use } for  pid=1879 comm="portmap"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:portmap_t
tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976236.144:55): avc:  denied  { use } for  pid=1888 comm="auditd"
name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:auditd_t
tcontext=system_u:system_r:kernel_t tclass=fd


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.4-1


How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
kernel-2.6.12-1.1482_FC5

Comment 1 Daniel Walsh 2005-08-14 19:51:56 UTC
This indicates the kernel is leaking a file descriptor.

Comment 2 James Morris 2005-08-15 03:21:32 UTC
(In reply to comment #1)
> This indicates the kernel is leaking a file descriptor.

How does it indicate this?

Please provide more details and logging information.

You probably need to enable auditing to find the pathnames etc.

Comment 3 James Morris 2005-08-15 03:23:47 UTC
Also, when did this start happening?  After a kernel upgrade, policy upgrade? 
If so, which versions?

Comment 4 Stephen Smalley 2005-08-15 13:08:32 UTC
(In reply to comment #2)

The audit messages show denials on:
- an open file descriptor labeled with the kernel's domain (kernel_t) that
refers to a file named "hda7", and
- the "hda7" file referenced by that descriptor, labeled with the
fixed_disk_device_t type and the blk_file (block device file) class.

This implies that a kernel thread (or subsequent usermode helper run by a kernel
thread without performing a domain transition, although such helpers typically
have their own domains, at least under strict) has opened a descriptor to that
device and failed to close it, such that all descendants end up trying to
inherit it and run into the SELinux denials (which would close the descriptor
and replace it with a reference to the null device if in enforcing mode).
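
An added example, not part of the original comment or of any SELinux tool: a small Python triage script that applies the reading described above to AVC records, grouping denials by the object they name and reporting any inode for which several unrelated domains were denied `use` on an inherited descriptor. The function names and the `min_domains` threshold are assumptions of this example; the sample records are copied from this report and rejoined onto one line each.

```python
import re
from collections import defaultdict

# Records copied from the dmesg output quoted in this report, each rejoined
# onto one line (the tracker wrapped them across three).
SAMPLE = """\
audit(1124008599.700:2): avc:  denied  { read } for  pid=458 comm="restorecon" name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1124008601.713:3): avc:  denied  { use } for  pid=902 comm="kmodule" name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:kudzu_t tcontext=system_u:system_r:kernel_t tclass=fd
audit(1124008621.874:5): avc:  denied  { use } for  pid=1364 comm="hwclock" name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976223.472:7): avc:  denied  { use } for  pid=1422 comm="fsck" name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:fsadm_t tcontext=system_u:system_r:kernel_t tclass=fd
audit(1123976226.380:33): avc:  denied  { read } for  pid=1629 comm="dhclient" name="hda7" dev=tmpfs ino=634 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1129227906.113:4): avc:  denied  { ioctl } for  pid=998 comm="hwclock" name="rtc" dev=tmpfs ino=1321 scontext=system_u:system_r:hwclock_t tcontext=system_u:object_r:tmpfs_t tclass=chr_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"ino", "tclass", "scontext", "tcontext"}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    return rec


def type_of(context):
    """Extract the type from user:role:type or user:role:type:level."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def find_inherited_fd_leaks(text, min_domains=2):
    """Report objects whose descriptor was refused to >= min_domains domains.

    For tclass=fd the target context is the label of the descriptor, i.e. the
    domain of the process that opened it; the other denials on the same inode
    give the label and class of the file behind the descriptor.
    """
    objects = defaultdict(lambda: {"denied": set(), "opener": set(), "labels": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or not REQUIRED <= rec.keys():
            continue
        entry = objects[(rec.get("name", ""), rec.get("dev", ""), rec["ino"])]
        if rec["tclass"] == "fd" and "use" in rec["perms"]:
            entry["denied"].add(type_of(rec["scontext"]))
            entry["opener"].add(type_of(rec["tcontext"]))
        else:
            entry["labels"].add((type_of(rec["tcontext"]), rec["tclass"]))

    findings = []
    for (name, dev, ino), entry in sorted(objects.items()):
        if len(entry["denied"]) >= min_domains:
            findings.append({
                "name": name,
                "dev": dev,
                "ino": ino,
                "opener_types": sorted(entry["opener"]),
                "denied_domains": sorted(entry["denied"]),
                "object_labels": sorted(entry["labels"]),
            })
    return findings


if __name__ == "__main__":
    for finding in find_inherited_fd_leaks(SAMPLE):
        print(finding)
```

A single opener type paired with many denied domains, as with `kernel_t` here, points at one early process that left the descriptor open rather than at missing policy rules for each program.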


Comment 5 sangu 2005-08-30 07:15:55 UTC
Created attachment 118239
dmesg in kernel-2.6.13-1.1525_FC5

This problem still happens in kernel-2.6.13-1.1525_FC5.

selinux-policy-targeted-1.25.4-11, audit-1.0.3-1

Comment 6 sangu 2005-08-30 07:24:32 UTC
$fdisk /dev/hda

The number of cylinders for this disk is set to 9729.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): p

Disk /dev/hda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1        1912    15358108+   7  HPFS/NTFS
/dev/hda2            1913        9728    62782020    f  W95 Ext'd (LBA)
/dev/hda5            1913        5099    25599546    c  W95 FAT32 (LBA)
/dev/hda6            5100        8286    25599546    c  W95 FAT32 (LBA)
/dev/hda7            8287        8384      787153+  82  Linux swap / Solaris
/dev/hda8            8385        9727    10787616   83  Linux

The /dev/hda7 partition type is Linux swap on my Linux system.


Comment 7 James 2005-10-14 13:17:45 UTC
I'm seeing something similar with s.p.t. 1.27.1-2.3. Whenever I enable SELinux
(permissive), I get messages like the following:

Oct 13 18:30:33 localhost kernel: audit(1129227906.025:2): avc:  denied  { read
write } for  pid=998 comm="hwclock" name="console" dev=tmpfs ino=487
scontext=system_u:system_r:hwclock_t tcontext=system_u:object_r:tmpfs_t
tclass=chr_file
Oct 13 18:30:33 localhost kernel: audit(1129227906.113:3): avc:  denied  {
search } for  pid=998 comm="hwclock" name="/" dev=tmpfs ino=486
scontext=system_u:system_r:hwclock_t tcontext=system_u:object_r:tmpfs_t tclass=dir
Oct 13 18:30:33 localhost kernel: audit(1129227906.113:4): avc:  denied  { ioctl
} for  pid=998 comm="hwclock" name="rtc" dev=tmpfs ino=1321
scontext=system_u:system_r:hwclock_t tcontext=system_u:object_r:tmpfs_t
tclass=chr_file
Oct 13 18:30:34 localhost kernel: audit(1129224307.208:5): avc:  denied  { read
write } for  pid=1030 comm="fsck" name="console" dev=tmpfs ino=487
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t
tclass=chr_file
Oct 13 18:30:34 localhost kernel: audit(1129224307.208:6): avc:  denied  { read
} for  pid=1030 comm="fsck" name="hda6" dev=tmpfs ino=1488
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t
tclass=blk_file
Oct 13 18:30:34 localhost kernel: audit(1129224307.208:7): avc:  denied  {
getattr } for  pid=1030 comm="fsck" name="hda6" dev=tmpfs ino=1488
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t
tclass=blk_file
Oct 13 18:30:34 localhost kernel: audit(1129224307.296:8): avc:  denied  { ioctl
} for  pid=1031 comm="fsck.ext3" name="console" dev=tmpfs ino=487
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t
tclass=chr_file
Oct 13 18:30:34 localhost kernel: audit(1129224307.300:9): avc:  denied  { write
} for  pid=1031 comm="fsck.ext3" name="hda6" dev=tmpfs ino=1488
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t
tclass=blk_file
Oct 13 18:30:34 localhost kernel: audit(1129224307.300:10): avc:  denied  {
ioctl } for  pid=1031 comm="fsck.ext3" name="hda6" dev=tmpfs ino=1488
scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t
tclass=blk_file
Oct 13 18:30:34 localhost kernel: audit(1129224308.608:11): avc:  denied  { read
write } for  pid=1072 comm="setfiles" name="console" dev=tmpfs ino=487
scontext=system_u:system_r:setfiles_t tcontext=system_u:object_r:tmpfs_t
tclass=chr_file
Oct 13 18:30:35 localhost kernel: audit(1129224620.927:12): avc:  denied  {
search } for  pid=1551 comm="cardmgr" name="/" dev=tmpfs ino=486
scontext=system_u:system_r:cardmgr_t tcontext=system_u:object_r:tmpfs_t tclass=dir
Oct 13 18:30:35 localhost kernel: audit(1129224621.791:13): avc:  denied  {
write } for  pid=1653 comm="syslogd" name="/" dev=tmpfs ino=486
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
Oct 13 18:30:35 localhost kernel: audit(1129224621.791:14): avc:  denied  {
add_name } for  pid=1653 comm="syslogd" name="log"
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
Oct 13 18:30:35 localhost kernel: audit(1129224621.791:15): avc:  denied  {
create } for  pid=1653 comm="syslogd" name="log"
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t
tclass=sock_file
Oct 13 18:30:35 localhost kernel: audit(1129224621.791:16): avc:  denied  {
setattr } for  pid=1653 comm="syslogd" name="log" dev=tmpfs ino=5272
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t
tclass=sock_file
Oct 13 18:30:35 localhost kernel: audit(1129224621.839:17): avc:  denied  {
search } for  pid=1655 comm="klogd" name="/" dev=tmpfs ino=486
scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
Oct 13 18:30:35 localhost kernel: audit(1129224621.839:18): avc:  denied  {
write } for  pid=1655 comm="klogd" name="log" dev=tmpfs ino=5272
scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:tmpfs_t
tclass=sock_file
Oct 13 18:30:35 localhost kernel: audit(1129224622.135:19): avc:  denied  {
search } for  pid=1669 comm="auditd" name="/" dev=tmpfs ino=486
scontext=system_u:system_r:auditd_t tcontext=system_u:object_r:tmpfs_t tclass=dir

whenever I boot the system, and similar things upon shutdown. Oddly, I don't
believe I ever get them when using the system.

I've tried relabeling several times, rebuilding the policy from sources, and
even rebuilt the initrd, to no avail. If I try to enable enforcing, the system
becomes unbootable as fsck is denied the access necessary to do its business.
[This is with a kernel built from 2.6.13-1.1528_FC4 (with revision 19 of John
Linville's patches), but I've seen it with official kernels as well.]

Comment 8 Jason 2005-10-21 15:03:59 UTC
I see a lot of SELinux-related messages since I updated to rawhide from FC4. I am
running selinux-policy-targeted-1.27.1-22. I see these messages during boot and
shutdown. I did a touch /autorelabel and reboot to see if things got better but
they remained the same. The first and third messages (hwclock and fsck) have me
concerned the most. I am running kernel 2.6.13-1.1621_FC5.  Here are the messages:

Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc: denied { use } for
pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc: denied { read }
for pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841544.332:4): avc: denied { use } for
pid=1204 comm="fsck" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:51 pcjason kernel: audit(1129841544.660:5): avc: denied { read }
for pid=1214 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841544.948:6): avc: denied { read }
for pid=1215 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841546.084:7): avc: denied { read }
for pid=1257 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841546.456:8): avc: denied { read }
for pid=1262 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841546.772:9): avc: denied { use } for
pid=1263 comm="swapon" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:51 pcjason kernel: audit(1129841551.160:10): avc: denied { read }
for pid=1439 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.228:11): avc: denied { read }
for pid=1441 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.256:12): avc: denied { read }
for pid=1443 comm="iwconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.320:13): avc: denied { read }
for pid=1445 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.360:14): avc: denied { read }
for pid=1448 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.388:15): avc: denied { use }
for pid=1449 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:51 pcjason kernel: audit(1129841551.392:16): avc: denied { read }
for pid=1450 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.424:17): avc: denied { use }
for pid=1452 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:51 pcjason kernel: audit(1129841551.436:18): avc: denied { read }
for pid=1456 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.444:19): avc: denied { read }
for pid=1458 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.584:20): avc: denied { read }
for pid=1470 comm="ifconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.816:21): avc: denied { read }
for pid=1508 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.828:22): avc: denied { read }
for pid=1511 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.844:23): avc: denied { read }
for pid=1514 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.856:24): avc: denied { read }
for pid=1516 comm="iwconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.868:25): avc: denied { read }
for pid=1518 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.884:26): avc: denied { read }
for pid=1521 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841551.892:27): avc: denied { use }
for pid=1522 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:51 pcjason kernel: audit(1129841553.480:28): avc: denied { use }
for pid=1523 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:51 pcjason kernel: audit(1129841555.920:29): avc: denied { read }
for pid=1524 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841555.932:30): avc: denied { read }
for pid=1526 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:51 pcjason kernel: audit(1129841555.936:31): avc: denied { use }
for pid=1527 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:52 pcjason kernel: audit(1129841555.960:32): avc: denied { read }
for pid=1532 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:52 pcjason kernel: audit(1129841555.968:33): avc: denied { read }
for pid=1533 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:52 pcjason kernel: audit(1129841555.976:34): avc: denied { read }
for pid=1535 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:52 pcjason kernel: audit(1129841556.048:35): avc: denied { read }
for pid=1546 comm="ifconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

Oct 20 15:52:52 pcjason kernel: audit(1129841556.308:36): avc: denied { use }
for pid=1563 comm="syslogd" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:52 pcjason kernel: audit(1129841556.444:37): avc: denied { use }
for pid=1566 comm="klogd" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:klogd_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:52 pcjason kernel: audit(1129841556.748:38): avc: denied { use }
for pid=1583 comm="portmap" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:portmap_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Oct 20 15:52:52 pcjason kernel: audit(1129841557.492:39): avc: denied { use }
for pid=1592 comm="auditd" name="VolGroup00-LogVol01" dev=tmpfs ino=760
scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:kernel_t:s0
tclass=fd

Thanks,
Jason

Comment 9 Stephen Smalley 2005-10-31 14:25:01 UTC
I'd suggest re-assigning component to lvm, as I think that this is just a
descriptor leak by it.  From the various reports, it sounds like lvm is opening
the swap device and never closing it (or marking it close-on-exec), so all
descendants end up inheriting the descriptor and SELinux correctly stomps on it.
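
An added example, not part of the original comment and not code from nash or lvm2: a Python sketch of the inheritance mechanism described above, showing that a descriptor without `FD_CLOEXEC` is still open in an exec'd child while the same descriptor with the flag set is not. The helper names and the temporary file standing in for the swap device are assumptions of this example.

```python
import fcntl
import os
import subprocess
import sys
import tempfile

# Child program: report whether the descriptor number given in argv[1]
# is still open after exec.
CHILD = (
    "import os, sys\n"
    "try:\n"
    "    os.fstat(int(sys.argv[1]))\n"
    "    print('inherited')\n"
    "except OSError:\n"
    "    print('closed')\n"
)


def set_cloexec(fd, enabled):
    """Set or clear FD_CLOEXEC on fd, leaving other descriptor flags alone."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
    if enabled:
        flags |= fcntl.FD_CLOEXEC
    else:
        flags &= ~fcntl.FD_CLOEXEC
    fcntl.fcntl(fd, fcntl.F_SETFD, flags)


def child_sees_fd(fd):
    """Fork and exec a child without closing extra descriptors; ask it about fd."""
    result = subprocess.run(
        [sys.executable, "-c", CHILD, str(fd)],
        close_fds=False,       # let the kernel's close-on-exec flag decide
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout.strip() == "inherited"


def demo():
    """Return (leaked, fixed): child visibility without and with FD_CLOEXEC."""
    with tempfile.NamedTemporaryFile() as tmp:   # stand-in for the swap device
        fd = os.open(tmp.name, os.O_RDONLY)
        try:
            set_cloexec(fd, False)   # the leaking state: every descendant inherits it
            leaked = child_sees_fd(fd)
            set_cloexec(fd, True)    # the fix: the kernel closes it at exec time
            fixed = child_sees_fd(fd)
        finally:
            os.close(fd)
    return leaked, fixed


if __name__ == "__main__":
    print(demo())
```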

Comment 10 Alasdair Kergon 2005-10-31 16:03:38 UTC
lvm2 doesn't fork so how can it affect other processes like that?

Could this be another nash initrd bug?

Does the boot log show any lvm2 "File descriptor N left open" warning messages?


Comment 11 Alasdair Kergon 2005-10-31 16:11:32 UTC
Does 'lsof' reveal anything?  [e.g. 'lsof -p1' will show if the nash bug has
reappeared]

Comment 12 Alasdair Kergon 2005-10-31 16:15:12 UTC
Duplicate of bug 169427 perhaps?

That's nash sometimes keeping a swap partition fd open before exec-ing init.


Comment 13 Jason 2005-11-01 14:25:35 UTC
Here is the output from lsof -p1

COMMAND PID USER   FD   TYPE DEVICE    SIZE    NODE NAME
init      1 root  cwd    DIR  253,0    4096       2 /
init      1 root  rtd    DIR  253,0    4096       2 /
init      1 root  txt    REG  253,0   27120 1933423 /sbin/init
init      1 root  mem    REG    0,0               0 [vdso] (stat: No such file or directory)
init      1 root  mem    REG  253,0    6804  360467 /lib/libsetrans.so.0
init      1 root  mem    REG  253,0   13892  360521 /lib/libdl-2.3.90.so
init      1 root  mem    REG  253,0  207304  360466 /lib/libsepol.so.1
init      1 root  mem    REG  253,0   80580  360474 /lib/libselinux.so.1
init      1 root  mem    REG  253,0 1458948  360497 /lib/libc-2.3.90.so
init      1 root  mem    REG  253,0  118280  360463 /lib/ld-2.3.90.so
init      1 root   10u  FIFO   0,15             911 /dev/initctl
init      1 root   42r   BLK  253,1             781 /mapper/VolGroup00-LogVol01

Comment 14 Alasdair Kergon 2005-11-02 19:41:28 UTC
That's the same nash bug then.


*** This bug has been marked as a duplicate of 169427 ***

