Bug 218880 - LSPP: 'more' doesn't work after a newrole
LSPP: 'more' doesn't work after a newrole
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-07 18:08 EST by Linda Knippers
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: RC
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-07 20:33:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Linda Knippers 2006-12-07 18:08:30 EST
Description of problem:
After using 'newrole' to change roles on an MLS system, the 'more'
command no longer works.  It gets an EBADF when trying to read the
user's input for paging.  The problem is that 'more' reads stderr
but 'newrole' closes stderr and re-opens it as WRONLY.

Should we make 'newrole' less paranoid with respect to stderr or
fix 'more'?  'less' reads stdin and therefore works.

Version-Release number of selected component (if applicable):
RHEL5 Beta 2 with MLS policy and policycoreutils from dwalsh
people page.

How reproducible:
very

Steps to Reproduce:
1.install an mls system
2.log in
3.run 'more' on a file bigger than a screen full (works)
4.run 'newrole' to change roles, or probably anything else
5.run 'more' again on the same file and it will terminate after
the first screen full.  An strace shows its an EBADF and I've
verified that the newrole code closes and reopens the fd.

  
Actual results:
'more' aborts after the first screen full.

Expected results:
'more' should wait for user input and then page through the file according.

Additional info:
Comment 1 Stephen Smalley 2006-12-08 08:54:29 EST
Recommend reverting newrole to opening all three descriptors rw, as it used to
do before it was "cleaned up".  This seems consistent with how the shell sets up
descriptors for the tty as well.
Should be a trivial patch, please take to selinux list.
Comment 4 Daniel Walsh 2006-12-08 11:56:09 EST
Fixed in policycoreutils-1.33.6-4.el5
Comment 5 Linda Knippers 2006-12-08 15:06:30 EST
When this shows up in a repo or a kit I'll give it a try.
Are you also posting a patch to the selinux list?
Comment 6 Jay Turner 2006-12-14 08:16:25 EST
QE ack for RHEL5.
Comment 7 RHEL Product and Program Management 2007-02-07 20:33:05 EST
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.