Description of problem: When attempting to gather LVM information by redirecting commands to a text file, no output is seen. Commands execute perfectly to the screen, but will not allow output to go to a file. Disabling SE Linux seems to remove the problem. Version-Release number of selected component (if applicable): 7 [root@linux-dl585 ~]# cat /etc/issue Red Hat Enterprise Linux Server release 5 (Tikanga) Kernel \r on an \m [root@linux-dl585 ~]# uname -a Linux linux-dl585.cxo.hp.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:14 EST 2007 x86_64 x86_64 x86_64 GNU/Linux [root@linux-dl585 ~]# lvm version LVM version: 2.02.16-RHEL5 (2006-12-14) Library version: 1.02.13 (2006-11-28) Driver version: 4.11.0 How reproducible: Steps to Reproduce: 1. Execute any lvm command (i.e. pvs, lvdisplay, lvm version, etc. etc.) and attempt to redirect output to a text file. [root@linux-dl585 ~]# pvs PV VG Fmt Attr PSize PFree /dev/sda vg01 lvm2 a- 10.00G 0 /dev/sdd vg02 lvm2 ax 1.95G 1.08G /dev/sde vg02 lvm2 ax 1.95G 1.46G [root@linux-dl585 ~]# pvs > testfile [root@linux-dl585 ~]# cat testfile [root@linux-dl585 ~]# 2. 3. Actual results: output file is empty. Expected results: expected output to be redirected to file. Additional info: strace of problem is attached. It appears that SE Linux is preventing this somehow. Disabling SE Linux allows output to be redirected as normal.
Created attachment 160484 [details] strace of problem
Additional info from SE Linux troubleshooter, when attempting to run "lvm version > /tmp/kevin.txt" I attempted the "restorecon" suggested workaround on both the file and directory with no improvement in the problem. Summary SELinux is preventing the /sbin/lvm.static from using potentially mislabeled files (/tmp/kevin.txt). Detailed Description SELinux has denied /sbin/lvm.static access to potentially mislabeled file (s) (/tmp/kevin.txt). This means that SELinux will not allow /sbin/lvm.static to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access If you want /sbin/lvm.static to access this files, you need to relabel them using restorecon -v /tmp/kevin.txt. You might want to relabel the entire directory using restorecon -R -v /tmp. Additional Information Source Context root:system_r:lvm_t:SystemLow-SystemHigh Target Context root:object_r:tmp_t Target Objects /tmp/kevin.txt [ file ] Affected RPM Packages lvm2-2.02.16-3.el5 [application] Policy RPM selinux-policy-2.4.6-30.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.home_tmp_bad_labels Host Name linux-dl585.cxo.hp.com Platform Linux linux-dl585.cxo.hp.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:14 EST 2007 x86_64 x86_64 Alert Count 3 Line Numbers Raw Audit Messages avc: denied { write } for comm="lvm" dev=cciss/c0d0p2 egid=0 euid=0 exe="/sbin/lvm.static" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="kevin.txt" path="/tmp/kevin.txt" pid=12031 scontext=root:system_r:lvm_t:s0-s0:c0.c1023 sgid=0 subj=root:system_r:lvm_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=root:object_r:tmp_t:s0 tty=pts1 uid=0
Okay, I have learned enough about SE Linux to determine that his is not a bug and is working as intended. I then used the information here: http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385 and the "ausearch" command to create an semodule allowing "lvm" to access the /tmp directory. Please close this issue.
Closing per request in comment #3.