This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 203040 - semodule -i, -r and -b segafault
semodule -i, -r and -b segafault
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
6
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-17 18:12 EDT by Ben Marzinski
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-28 13:29:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
policy module package used in the example (1.44 KB, application/octet-stream)
2006-08-17 18:17 EDT, Ben Marzinski
no flags Details

  None (edit)
Description Ben Marzinski 2006-08-17 18:12:35 EDT
Description of problem:
running
# semodule -i <module_package>
or
# semodule -r <module>
or
# semodule -b /usr/share/selinux/targeted/base.pp

segfaults. This happens when upgrading selinux-policy and when installing
policy modules by hand. However at least while installing policy modules by
hand, it seems that the module does get installed, even with the segfault.

Version-Release number of selected component (if applicable):
policycoreutils-1.30.26-1 on i386
libsemanage-1.6.15-1

How reproducible:
Always

Steps to Reproduce:

[root@cypher-01 ~]# semodule -l
amavis  1.0.5
clamav  1.0.5
dcc     1.0.1
evolution       1.0.3
mozilla 1.0.3
nagios  1.0.2
pyzor   1.0.4
razor   1.0.1
[root@cypher-01 ~]# semodule -i local.pp 
Segmentation fault
[root@cypher-01 ~]# semodule -l
amavis  1.0.5
clamav  1.0.5
dcc     1.0.1
evolution       1.0.3
local   1.0
mozilla 1.0.3
nagios  1.0.2
pyzor   1.0.4
razor   1.0.1
[root@cypher-01 ~]# semodule -r local
Segmentation fault
[root@cypher-01 ~]# semodule -l
amavis  1.0.5
clamav  1.0.5
dcc     1.0.1
evolution       1.0.3
mozilla 1.0.3
nagios  1.0.2
pyzor   1.0.4
razor   1.0.1
[root@cypher-01 ~]# 

Actual results:

semodule segfaults, although the module is installed and removed

Expected results:

semodule doesn't segfault

Additional info:

[root@cypher-01 ~]# gdb semodule
GNU gdb Red Hat Linux (6.3.0.0-1.131.FC6rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) run -i local.pp
Starting program: /usr/sbin/semodule -i local.pp
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xb7f15000

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x007877a0 in semanage_install_active (sh=0xa0373b0) at semanage_store.c:1018
#2  0x007897b5 in semanage_install_sandbox (sh=0xa0373b0) at semanage_store.c:1208
#3  0x0077e96b in semanage_direct_commit (sh=0xa0373b0) at direct_api.c:661
#4  0x007806c8 in semanage_commit (sh=0xa0373b0) at handle.c:246
#5  0x080494e8 in main (argc=7794416, argv=0xbf867354) at semodule.c:429
#6  0x481bc214 in __libc_start_main () from /lib/libc.so.6
#7  0x08048d91 in _start ()
(gdb)
Comment 1 Ben Marzinski 2006-08-17 18:17:04 EDT
Created attachment 134416 [details]
policy module package used in the example
Comment 2 Ben Marzinski 2006-08-17 20:15:30 EDT
Well, once I noticed that libselinux wasn't uptodate and updated it, the
segfault went away.  Instead, I get

libsemanage.semanage_install_active: Non-fatal error:  Could not copy
/etc/selinux/targeted/modules/active/file_contexts.local to
/etc/selinux/targeted/contexts/files/file_contexts.local
Comment 3 Daniel Walsh 2006-08-18 09:37:35 EDT
This looks like a labeling problem.
Could you attach the avc messages from /var/log/messages or /var/log/audit/audit.log

restorecon -R -v /etc/selinux

Will clear up labeling problems in policy.

touch /.autorelabel; reboot

will relabel the entire machine.
Comment 4 Ben Marzinski 2006-08-18 14:06:16 EDT
relabeling the machine didn't change the message.

here are the messages from /var/log/audit/audit.log

type=MAC_POLICY_LOAD msg=audit(1155924789.856:46): policy loaded auid=0
type=SYSCALL msg=audit(1155924789.856:46): arch=40000003 syscall=4 success=yes
exit=910553 a0=4 a1=b7ecf000 a2=de4d9 a3=bfce5258 items=0 pid=2369 auid=0 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="load_policy"
exe="/usr/sbin/load_policy" subj=root:system_r:load_policy_t:s0-s0:c0.c255
type=AVC msg=audit(1155924790.460:47): avc:  denied  { read } for  pid=2210
comm="hald-addon-stor" name="hdc" dev=tmpfs ino=3533
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=blk_file
type=SYSCALL msg=audit(1155924790.460:47): arch=40000003 syscall=5 success=yes
exit=4 a0=bfbf5e08 a1=8880 a2=0 a3=8880 items=1 pid=2210 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
comm="hald-addon-stor" exe="/usr/libexec/hald-addon-storage"
subj=system_u:system_r:hald_t:s0
type=CWD msg=audit(1155924790.460:47):  cwd="/usr/libexec"
type=PATH msg=audit(1155924790.460:47): item=0 name="/dev/hdc" inode=3533
dev=00:10 mode=060660 ouid=0 ogid=6 rdev=16:00 obj=system_u:object_r:device_t:s0
type=AVC msg=audit(1155924790.464:48): avc:  denied  { ioctl } for  pid=2210
comm="hald-addon-stor" name="hdc" dev=tmpfs ino=3533
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=blk_file
type=SYSCALL msg=audit(1155924790.464:48): arch=40000003 syscall=54 success=yes
exit=1 a0=4 a1=5326 a2=7fffffff a3=4 items=0 pid=2210 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
comm="hald-addon-stor" exe="/usr/libexec/hald-addon-storage"
subj=system_u:system_r:hald_t:s0
type=AVC_PATH msg=audit(1155924790.464:48):  path="/dev/hdc"
Comment 5 Daniel Walsh 2006-08-18 23:49:14 EDT
Please attach the local.te file that you used to create the pp file.
Comment 6 Daniel Walsh 2006-08-31 11:23:13 EDT
libsemanage.semanage_install_active: Non-fatal error:  Could not copy
/etc/selinux/targeted/modules/active/file_contexts.local to
/etc/selinux/targeted/contexts/files/file_contexts.local

Has been fixed in a rawhide 

Not sure why you are getting a mislaneled /dev/hfc though.

Note You need to log in before you can comment on or make changes to this bug.