Red Hat Bugzilla – Bug 201414
ybin fails with "Failed to initialize HFS working directories: Permission denied"
Last modified: 2007-11-30 17:11:39 EST
With the 20060803.1 Test2 release candidate tree, ybin will fail with the
Failed to initialize HFS working directories: Permission denied
ybin has the SELinux context of system_u:object_r:bootloader_exec_t. Changing
the SELinux context to (e.g.) system_u:object_r:sbin_t allows ybin to work.
This problem causes grubby to be unable to change the bootloader config, which
keeps you from booting a new kernel.
ybin is a shell script. It fails when it tries to execute hmount (from hfsutils).
The error message indicates that hmount fails in hcwd_init(). This function
normally creates/opens "/root/.hcwd". I suspect SELinux is denying this and
causing hmount to fail, which causes ybin to fail.
Bug component may need to be changed to either hfsutils or policy - I will
I should have mentioned - this is yaboot-1.3.13-0.18.1
Found a solution: hmount and friends read the environment variable HOME, so
adding a line to ybin that says:
allows everything to work correctly except updating the OF boot device in
dwalsh has tweaked policy to allow bootloader_t to write to /dev/nvram, so all
that remains is fixing ybin. I'll upload a patch shortly.
Created attachment 133968
patch to ybin that makes it use /boot for state info instead of /root
One note: /boot is used because it's the only place bootloader_exec_t is
naturally allowed to write. Any other directory will fail.
If /boot is mounted read-only, this will fail. Still, this fix will work for 98%
of cases, and the other 2% get a 'Read-only filesystem' error, which should be
To get the other 2 percent, we would need a dedicated state dir for hfsutils
(say /var/tmp/hfs) and another policy change.
Thanks for the patch, this works as a temporary solution but it's not really
suitable for upstream yaboot.