Bug 167580 - post_create: setxattr failed
post_create: setxattr failed
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Stephen Tweedie
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-09-05 17:11 EDT by Milan Kerslager
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-13 14:06:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Milan Kerslager 2005-09-05 17:11:28 EDT
I have a lot of these messages in my /var/log/messages from the kernel
(2.6.9-11.ELsmp on dual AMD Opteron 244 x86_64 machine):

post_create:  setxattr failed, rc=122 (dev=md1 ino=1320515)

It seems like only anoying messages according to:
http://mail.wirex.com/pipermail/linux-security-module/2005-July/6274.html

I'l try to use beta kernel too.
Comment 1 Stephen Tweedie 2005-09-13 14:06:37 EDT
This is a property of the existing SELinux implementation: the core VFS doesn't
ask SELinux to set up security contexts until after the filesystem itself has
created a new file.  So, it is possible for the file create to succeed but for
the initialisation of the SELinux label to fail; such files end up with a
default label, but the SELinux security policy deals with those labels to avoid
this being a security problem.

rc=122 indicates that the error here is EDQUOT, so the user has exceeded disk
quota between the initial file create and the setting of the SELinux attribute.

Future versions of Linux will not have this behaviour, but will set SELinux
attributes atomically and will fail the create if that cannot be done.  But this
will not be changed in RHEL-4, as that constitutes a significant change in the
semantics of the VFS layer.

Note You need to log in before you can comment on or make changes to this bug.