Bug 250525 - LVM command output can not be redirected to a text file
Summary: LVM command output can not be redirected to a text file
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: lvm2   
(Show other bugs)
Version: 5.0
Hardware: x86_64
OS: Linux
Target Milestone: ---
: ---
Assignee: Milan Broz
QA Contact: Corey Marthaler
Depends On:
TreeView+ depends on / blocked
Reported: 2007-08-02 00:59 UTC by Kevin Joubert
Modified: 2013-03-01 04:05 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-03 09:37:19 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
strace of problem (201.71 KB, text/plain)
2007-08-02 00:59 UTC, Kevin Joubert
no flags Details

Description Kevin Joubert 2007-08-02 00:59:14 UTC
Description of problem:
When attempting to gather LVM information by redirecting commands to a text 
file, no output is seen. Commands execute perfectly to the screen, but will not 
allow output to go to a file. 

Disabling SE Linux seems to remove the problem. 

Version-Release number of selected component (if applicable):
[root@linux-dl585 ~]# cat /etc/issue
Red Hat Enterprise Linux Server release 5 (Tikanga)
Kernel \r on an \m

[root@linux-dl585 ~]# uname -a
Linux linux-dl585.cxo.hp.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:14 EST 2007 
x86_64 x86_64 x86_64 GNU/Linux

[root@linux-dl585 ~]# lvm version
  LVM version:     2.02.16-RHEL5 (2006-12-14)
  Library version: 1.02.13 (2006-11-28)
  Driver version:  4.11.0

How reproducible:

Steps to Reproduce:
1. Execute any lvm command (i.e. pvs, lvdisplay, lvm version, etc. etc.) and 
attempt to redirect output to a text file.

[root@linux-dl585 ~]# pvs
  PV         VG   Fmt  Attr PSize  PFree
  /dev/sda   vg01 lvm2 a-   10.00G    0
  /dev/sdd   vg02 lvm2 ax    1.95G 1.08G
  /dev/sde   vg02 lvm2 ax    1.95G 1.46G
[root@linux-dl585 ~]# pvs > testfile
[root@linux-dl585 ~]# cat testfile
[root@linux-dl585 ~]#

Actual results:
output file is empty.

Expected results:
expected output to be redirected to file. 

Additional info:
strace of problem is attached. It appears that SE Linux is preventing this 
somehow. Disabling SE Linux allows output to be redirected as normal.

Comment 1 Kevin Joubert 2007-08-02 00:59:14 UTC
Created attachment 160484 [details]
strace of problem

Comment 2 Kevin Joubert 2007-08-02 23:06:39 UTC
Additional info from SE Linux troubleshooter, when attempting to run
 "lvm version > /tmp/kevin.txt"
I attempted the "restorecon" suggested workaround on both the file and 
directory with no improvement in the problem. 

    SELinux is preventing the /sbin/lvm.static from using potentially 
    files (/tmp/kevin.txt).

Detailed Description
    SELinux has denied /sbin/lvm.static access to potentially mislabeled file
    (/tmp/kevin.txt).  This means that SELinux will not allow /sbin/lvm.static
    to use these files.  It is common for users to edit files in their home
    directory or tmp directories and then move (mv) them to system directories.
    The problem is that the files end up with the wrong file context which
    confined applications are not allowed to access.

Allowing Access
    If you want /sbin/lvm.static to access this files, you need to relabel them
    using restorecon -v /tmp/kevin.txt.  You might want to relabel the entire
    directory using restorecon -R -v /tmp.

Additional Information        

Source Context                root:system_r:lvm_t:SystemLow-SystemHigh
Target Context                root:object_r:tmp_t
Target Objects                /tmp/kevin.txt [ file ]
Affected RPM Packages         lvm2-2.02.16-3.el5 [application]
Policy RPM                    selinux-policy-2.4.6-30.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.home_tmp_bad_labels
Host Name                     linux-dl585.cxo.hp.com
Platform                      Linux linux-dl585.cxo.hp.com 2.6.18-8.el5 #1 SMP
                              Fri Jan 26 14:15:14 EST 2007 x86_64 x86_64
Alert Count                   3
Line Numbers                  

Raw Audit Messages            

avc: denied { write } for comm="lvm" dev=cciss/c0d0p2 egid=0 euid=0
exe="/sbin/lvm.static" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="kevin.txt"
path="/tmp/kevin.txt" pid=12031 scontext=root:system_r:lvm_t:s0-s0:c0.c1023
sgid=0 subj=root:system_r:lvm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=root:object_r:tmp_t:s0 tty=pts1 uid=0

Comment 3 Kevin Joubert 2007-08-03 00:01:20 UTC
Okay, I have learned enough about SE Linux to determine that his is not a bug 
and is working as intended. I then used the information here:
and the "ausearch" command to create an semodule allowing "lvm" to access 
the /tmp directory. 

Please close this issue. 

Comment 4 Milan Broz 2007-08-03 09:37:19 UTC
Closing per request in comment #3.

Note You need to log in before you can comment on or make changes to this bug.