Bug 203986 - ybin fails selinux; stat64(".", ) = -1 EACCES
ybin fails selinux; stat64(".", ) = -1 EACCES
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: yaboot (Show other bugs)
5
powerpc Linux
medium Severity medium
: ---
: ---
Assigned To: Paul Nasrat
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-24 16:14 EDT by John Reiser
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-16 08:30:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
/etc/yaboot.conf (559 bytes, text/plain)
2006-08-24 16:17 EDT, John Reiser
no flags Details
strace output showing strange failures in stat64() (1.95 MB, text/plain)
2006-08-24 16:20 EDT, John Reiser
no flags Details
"avc denied" lines from audit.log (59.98 KB, text/plain)
2006-08-24 16:23 EDT, John Reiser
no flags Details

  None (edit)
Description John Reiser 2006-08-24 16:14:18 EDT
Description of problem:
/sbin/ybin fails to update the boot apparatus (choices offered at boot do not
match /etc/yaboot.conf) during "yum update kernel".  Symptoms can be repeated
afterwards by running /sbin/ybin:
-----
# /sbin/ybin --verbose
ybin: Iterating through list of boot partitions...
/sbin/ybin  --verbose -b /dev/hda2
ybin: Finding OpenFirmware device path to `/dev/hda2'...
ybin: Finding OpenFirmware device path to `/dev/hda3'...
Failed to initialize HFS working directories: Permission denied
ybin: /dev/hda2 appears to have never had a bootstrap installed, please run mkofboot
/sbin/ybin  --verbose -b /dev/hda5
ybin: Finding OpenFirmware device path to `/dev/hda5'...
ybin: Finding OpenFirmware device path to `/dev/hda3'...
Failed to initialize HFS working directories: Permission denied
ybin: /dev/hda5 appears to have never had a bootstrap installed, please run mkofboot
-----
Updates via yum had been succeeding until the update which installed
kernel-2.6.17-1.2174_FC5.

Version-Release number of selected component (if applicable):
yaboot-1.3.13-0.18
selinux-policy-targeted-2.3.3-8.fc5
mkinitrd-5.0.32-1
kernel-2.6.17-1.2145_FC5

How reproducible:
always

Steps to Reproduce:
1. /sbin/ybin --verbose
2.
3.
  
Actual results:
Complains "Failed to initialize HFS working directories" and boot choices are
not updated from /etc/yaboot.conf.

Expected results:
No complaints; boot choices get updated from /etc/yaboot.conf.

Additional info:
SELinux policy is targeted enforcing.  A complete relabel was done using "touch
/.autorelabel" followed by boot, but running /sbin/ybin still fails.  I will
attach file /etc/yaboot.conf, and output from "strace -f /sbin/ybin --verbose",
where lines such as the following appear many times:
-----
2205  stat64(".", 0x7f898f50)           = -1 EACCES (Permission denied)
-----
(executed as root, in /root, with:
-----
# pwd
/root
# ls -ld .
drwxr-x--- 7 root root 4096 Aug 24 13:19 .
# ls -ldZ .
drwxr-x---  root root root:object_r:user_home_dir_t    .
# 
-----
Comment 1 John Reiser 2006-08-24 16:17:41 EDT
Created attachment 134855 [details]
/etc/yaboot.conf

yaboot.conf with new kernel stanza for kernel-2.6.17-1.2174_FC5, but that
choice does not appear at actual boot (only 2145 and 2135).
Comment 2 John Reiser 2006-08-24 16:20:57 EDT
Created attachment 134856 [details]
strace output showing strange failures in stat64()

strace.out  from "strace -o strace.out -f /sbin/ybin --verbose".
Comment 3 John Reiser 2006-08-24 16:23:58 EDT
Created attachment 134857 [details]
"avc denied" lines from audit.log

The "denied" messsages from /var/log/audit/audit.log.
Comment 4 Paul Nasrat 2006-11-16 08:30:50 EST
Should be fixed in FC6 and later with the don't write in $HOME patch.

Note You need to log in before you can comment on or make changes to this bug.