Bug 356311 - SELinux does not allow cp -a over NFS
SELinux does not allow cp -a over NFS
Product: Fedora
Classification: Fedora
Component: coreutils (Show other bugs)
i686 Linux
low Severity low
: ---
: ---
Assigned To: Ondrej Vasik
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-10-29 07:36 EDT by Andrew Haley
Modified: 2007-11-30 17:12 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-12 06:31:07 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrew Haley 2007-10-29 07:36:46 EDT
Description of problem:

With an NFS mounted home directory and use_nfs_home_dirs --> on

zorro:~ $ echo poo > a
zorro:~ $ cat a
zorro:~ $ cp -a a b
zorro:~ $ echo $?
zorro:~ $ cat b
zorro:~ $ ls -l b
-rw-r--r-- 1 aph aph 0 2007-10-29 11:33 b

The failure is when "cp -a" tries to set the attrs:

fsetxattr(4, "security.selinux", "system_u:object_r:nfs_t:s0", 27, 0) = -1
EOPNOTSUPP (Operation not supported)

Kernel is 2.6.23-0.214.rc8.git2.fc8
Comment 1 Daniel Walsh 2007-10-29 23:49:22 EDT
Did you get any avc messages?
Comment 3 Daniel Walsh 2007-10-30 06:33:40 EDT
Do you have setroubleshoot installed?   avc messages are written in
/var/log/audit/audit.log if you have audit running and /var/log/messages if not.
Comment 4 Andrew Haley 2007-10-30 06:45:08 EDT
I just installed setroubleshoot.

There is no message in /var/log/audit/audit.log or /var/log/messages.

I just get

fsetxattr(4, "security.selinux", "system_u:object_r:nfs_t:s0", 27, 0) = -1
EOPNOTSUPP (Operation not supported)
 and the cp fails.
Comment 5 Daniel Walsh 2007-11-10 08:12:24 EST
I think this is similar to another bug in coreutils.
Comment 6 Ondrej Vasik 2007-11-12 04:24:52 EST
I know about this similarity, similar bug #219900 is already fixed, I think that
the build which fixes #219900 will fix that one bug too, but I'd like to check
it before I'll close this bug.
Comment 7 Ondrej Vasik 2007-11-12 05:00:31 EST
The difference between #219900 and this bug is that from the report it seems
that the error occured during first write to file(that b was not existing before
cp -a) - if the b file existed then the bug is same as #219900 and I can close
it. So need info from reporter - could you reproduce it with
coreutils-6.9-11.fc9, coreutils-6.9-9.fc8 , coreutils-6.9-5.fc7 or any later
coreutils package? Or could you confirm that the file "b" existed before "cp -a
a b" command? Thanks
Comment 8 Andrew Haley 2007-11-12 06:21:30 EST
This seems now to be fixed with coreutils-6.9-9.fc8.

Comment 9 Ondrej Vasik 2007-11-12 06:31:07 EST
Ok, closing RAWHIDE.

Note You need to log in before you can comment on or make changes to this bug.