Fedora Account System
Red Hat Associate
Red Hat Customer
In PCP we are using multiple copies of the same file to deal with a need to use the same file within different selinux contexts. Implementation of rpmbuild hardlinks breaks this as all the files are now hard-linked and thus use the same selinux context. This is causing AVCs and breaks some functionality due to lack of permissions to access those affected files. IMO this is a consequence of https://fedoraproject.org/wiki/Changes/Hardlink_identical_files_in_packages_by_default (bz2388198) Reproducible: Always Steps to Reproduce: 1. Install pcp: dnf install -y pcp 2. Check selinux context for /usr/bin/pm*ctl ls -ilZ /usr/bin/pm*ctl Actual Results: Selinux context is the same for both files: 165678 -rwxr-xr-x. 2 root root system_u:object_r:pcp_pmlogger_exec_t:s0 53604 Oct 14 20:00 /usr/bin/pmiectl 165678 -rwxr-xr-x. 2 root root system_u:object_r:pcp_pmlogger_exec_t:s0 53604 Oct 14 20:00 /usr/bin/pmlogctl Expected Results: Selinux context should be different for each file: 145091 -rwxr-xr-x. 1 root root system_u:object_r:pcp_pmie_exec_t:s0 53604 Oct 14 20:00 /usr/bin/pmiectl 165529 -rwxr-xr-x. 1 root root system_u:object_r:pcp_pmlogger_exec_t:s0 53604 Oct 14 20:00 /usr/bin/pmlogctl
$ target/debug/linkdupes --print-selinux-contexts /usr/bin/pmiectl /usr/bin/pmlogctl /usr/bin/pmiectl → system_u:object_r:pcp_pmie_exec_t:s0 /usr/bin/pmlogctl → system_u:object_r:pcp_pmlogger_exec_t:s0 So those should not be hardlinked by linkdupes. But I see that pcp has it's own selinux policy. So maybe in the buildroot this policy is not installed and then this fails? Yeah, in mock: # linkdupes --print-selinux-contexts /usr/bin/pmiectl /usr/bin/pmlogctl /usr/bin/pmiectl → system_u:object_r:bin_t:s0 /usr/bin/pmlogctl → system_u:object_r:bin_t:s0 If I then install pcp-selinux into this mock chroot, I get: # linkdupes --print-selinux-contexts /usr/bin/pmiectl /usr/bin/pmlogctl /usr/bin/pmiectl → system_u:object_r:pcp_pmie_exec_t:s0 /usr/bin/pmlogctl → system_u:object_r:pcp_pmlogger_exec_t:s0 So I think there are two choices for pcp: 1. add 'BuildRequires: pcp-selinux' 2. opt out of the hardlinking by adding '%undefine __os_install_post_hardlink'
Thanks Zbigniew, I passed the information to the upstream, for further discussion. https://github.com/performancecopilot/pcp/pull/2404#issuecomment-3501739477
Upstream issue was resolved Nov 9 2025. Can this be closed here?
I am sorry Zbyszek for not updating this BZ. Yes, the issue has been fixed in the PCP upstream () and can be closed.