Bug 188899 - Could not relabel /dev/pts/x
Could not relabel /dev/pts/x
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam (Show other bugs)
4.0
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Jay Turner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-13 07:13 EDT by Peter Bieringer
Modified: 2015-01-07 19:12 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-01 10:04:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Bieringer 2006-04-13 07:13:40 EDT
+++ This bug was initially created as a clone of Bug #152247 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323
Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I keep noticing the following warning message in /var/log/messages

Warning! Could not relabel /dev/pts/1 with user_u:object_r:devpts_t, not
relabeling.Operation not permitted

Sometimes the message has a different number eg. /dev/pts/2, /dev/pts/0.

I think it is being caused by running a "fixfiles relabel" when "su -" as root
at a terminal.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.90

++++ End of original report

I got same messages by switching from root to a system account (for testing file
access) on RHEL4 (at least on 3 systems):

# su -s /bin/sh - ldap

Apr 13 13:12:08 host su(pam_unix)[32414]: session opened for user ldap by
peter(uid=0)
Apr 13 13:12:08 host su[32414]: Warning!  Could not relabel /dev/pts/3 with
user_u:object_r:initrc_devpts_t, not relabeling.Operation not permitted
Apr 13 13:12:14 host su(pam_unix)[32414]: session closed for user ldap

# su -s /bin/sh - named

Apr 13 13:12:17 host su(pam_unix)[32419]: session opened for user named by
peter(uid=0)
Apr 13 13:12:17 host su[32419]: Warning!  Could not relabel /dev/pts/3 with
user_u:object_r:initrc_devpts_t, not relabeling.Operation not permitted
Apr 13 13:12:21 host su(pam_unix)[32419]: session closed for user named


selinux-policy-targeted-1.17.30-2.128
Comment 1 Russell Coker 2006-04-16 03:56:42 EDT
This bug occurs because setfsuid() is called to set the file-system UID to the 
UID of the target user before the selinux PAM module is called to do the SE 
Linux stuff.

Probably if there was code such as:
setfsuid(0);
status=setfilecon(ptr,newdev_context);
setfsuid(user_uid);

Then it would work.

This appears to have been fixed in rawhide by other changes to either 
coreutils or pam.  As this is a cosmetic error (doesn't prevent the system 
from operating correctly) I don't think it's worth an errata for pam.  But 
I'll let the pam maintainers make the decision on that.
Comment 3 Daniel Walsh 2006-06-15 16:25:26 EDT
Could you use runuser instead of su?
Comment 4 Peter Bieringer 2006-06-18 10:42:20 EDT
runuser didn't cause such message and would working for me also.
Comment 5 Peter Bieringer 2006-09-01 10:10:54 EDT
Closed as "NOTABUG" would not be really match the real reason I think...
A retest after upgrade to RHEL4 U4 shows me, that the problem is gone now, so
the reason is more some updates since the reporting date.

Note You need to log in before you can comment on or make changes to this bug.