Bug 188899 - Could not relabel /dev/pts/x
Summary: Could not relabel /dev/pts/x
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam
Version: 4.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-04-13 11:13 UTC by Peter Bieringer
Modified: 2015-01-08 00:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-09-01 14:04:19 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Peter Bieringer 2006-04-13 11:13:40 UTC 
+++ This bug was initially created as a clone of Bug #152247 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323
Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
I keep noticing the following warning message in /var/log/messages

Warning! Could not relabel /dev/pts/1 with user_u:object_r:devpts_t, not
relabeling.Operation not permitted

Sometimes the message has a different number eg. /dev/pts/2, /dev/pts/0.

I think it is being caused by running a "fixfiles relabel" when "su -" as root
at a terminal.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.90

++++ End of original report

I got same messages by switching from root to a system account (for testing file
access) on RHEL4 (at least on 3 systems):

# su -s /bin/sh - ldap

Apr 13 13:12:08 host su(pam_unix)[32414]: session opened for user ldap by
peter(uid=0)
Apr 13 13:12:08 host su[32414]: Warning!  Could not relabel /dev/pts/3 with
user_u:object_r:initrc_devpts_t, not relabeling.Operation not permitted
Apr 13 13:12:14 host su(pam_unix)[32414]: session closed for user ldap

# su -s /bin/sh - named

Apr 13 13:12:17 host su(pam_unix)[32419]: session opened for user named by
peter(uid=0)
Apr 13 13:12:17 host su[32419]: Warning!  Could not relabel /dev/pts/3 with
user_u:object_r:initrc_devpts_t, not relabeling.Operation not permitted
Apr 13 13:12:21 host su(pam_unix)[32419]: session closed for user named


selinux-policy-targeted-1.17.30-2.128
Comment 1 Russell Coker 2006-04-16 07:56:42 UTC 
This bug occurs because setfsuid() is called to set the file-system UID to the 
UID of the target user before the selinux PAM module is called to do the SE 
Linux stuff.

Probably if there was code such as:
setfsuid(0);
status=setfilecon(ptr,newdev_context);
setfsuid(user_uid);

Then it would work.

This appears to have been fixed in rawhide by other changes to either 
coreutils or pam.  As this is a cosmetic error (doesn't prevent the system 
from operating correctly) I don't think it's worth an errata for pam.  But 
I'll let the pam maintainers make the decision on that.
Comment 3 Daniel Walsh 2006-06-15 20:25:26 UTC 
Could you use runuser instead of su?
Comment 4 Peter Bieringer 2006-06-18 14:42:20 UTC 
runuser didn't cause such message and would working for me also.
Comment 5 Peter Bieringer 2006-09-01 14:10:54 UTC 
Closed as "NOTABUG" would not be really match the real reason I think...
A retest after upgrade to RHEL4 U4 shows me, that the problem is gone now, so
the reason is more some updates since the reporting date.
Note You need to log in before you can comment on or make changes to this bug.