Bug 445872 - Hard Power Cycle Leaves SELinux Targeted In Funky State
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 8
Hardware: i386 Linux
Priority: low, Severity: low
Assigned To: Daniel Walsh
QA Contact: Ben Levenson

Reported: 2008-05-09 11:09 EDT by Bill Adams
Modified: 2008-07-02 15:37 EDT
Doc Type: Bug Fix
Last Closed: 2008-07-02 15:37:43 EDT

Attachments
Error messages from SELinux on mislabeled hosts file (2.43 KB, text/plain)
2008-05-09 11:09 EDT, Bill Adams

Description Bill Adams 2008-05-09 11:09:53 EDT
Description of problem:

This is a bit obtuse... I use Juniper Networks SSLVPN to get into my work. This
program runs as su root and alters /etc/hosts and /etc/resolve.conf while
connected (and restores them when it cleanly disconnects).

I had a power-bump (and no UPS on my computer which I'll be getting now). When
my computer rebooted, it hung on sendmail and cups starting. I had to boot into
runlevel 1 and disable them (one at a time) at boot to get my system up into
Xorg. Once in Xorg, I could see the error messages (see attachment).

The bug is that a "mislabeled file" on /etc/hosts prevents the system from
booting. At least cups and sendmail both hung during the boot.



How reproducible:

Not sure, not interested in hard power-cycling my computer to find out unless
someone really wants me to.


Steps to Reproduce:
1. Run sslvpn
2. Unplug computer

  
Actual results:

Hangs on boot (cups, sendmail, anything accessing the mislabeled "hosts" file)


Expected results:

Not sure what the right answer is. Kill programs on boot if they take too long.
Add a script to "/sbin/restorecon -R -v /etc" on boot?
Comment 1 Bill Adams 2008-05-09 11:09:53 EDT
Created attachment 304954
Error messages from SELinux on mislabeled hosts file
Comment 2 Daniel Walsh 2008-05-09 11:24:49 EDT
Some program/script must have copied the hosts file to /tmp and then edited it
and finally mv'd it back into place, causing it to be labeled tmp_t?

Can you look to see if you have such a script?
Comment 3 Bill Adams 2008-05-09 12:58:20 EDT
It is a java program, here is the strace from a connect/disconnect where you can
see how it mucks with hosts and resolve.conf. If you want the full strace, I'll
have to scrub it for private info.

# grep host ~bill/Desktop/sslvpn.log 
[pid  5231] stat64("/usr/share/fonts/default/ghostscript", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  5231] stat64("/usr/share/fonts/default/ghostscript", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid  5231] access("/usr/share/fonts/default/ghostscript/fonts.dir", R_OK) = -1 ENOENT (No such file or directory)
[pid  5256] open("/etc/host.conf", O_RDONLY <unfinished ...>
[pid  5256] <... read resumed> "order hosts,bind\n", 4096) = 17
[pid  5256] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 21
[pid  5256] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 17
[pid  5274] open("/etc/host.conf", O_RDONLY) = 6
[pid  5274] read(6, "order hosts,bind\n", 4096) = 17
[pid  5274] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 6
[pid  5276] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 9
[pid  5276] open("/etc/hosts", O_RDONLY|0x80000 /* O_??? */) = 9
[pid  5274] open("/etc/hosts", O_RDONLY) = 11
[pid  5274] open("/tmp/hosts.new", O_WRONLY|O_CREAT, 0644) = 16
[pid  5274] open("/etc/hosts.bak", O_WRONLY|O_CREAT, 0644) = 17
[pid  5274] write(16, "# BEGIN hosts added by Network C"..., 108) = 108
[pid  5274] rename("/tmp/hosts.new", "/etc/hosts") = 0
[pid  5274] rename("/etc/hosts.bak", "/etc/hosts") = 0
[pid  5274] rename("/etc/hosts.bak", "/etc/hosts") = -1 ENOENT (No such file or directory)
Comment 4 Daniel Walsh 2008-07-02 15:37:43 EDT
So your choice is to either fix the script or run restorecond and add /etc/hosts
to the /etc/selinux/restorecond.conf file.
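
An added example, not part of the original bug report or the VPN client's code: it replays the open()/rename() calls from the strace in comment 3 and reports which paths would be backed by a file created in a different directory if the machine lost power at a given point. The function names are hypothetical; the strace lines are copied from the comment.

```python
import os
import re

# strace lines copied from comment 3 (connect, then clean disconnect)
STRACE = r'''
[pid  5274] open("/tmp/hosts.new", O_WRONLY|O_CREAT, 0644) = 16
[pid  5274] open("/etc/hosts.bak", O_WRONLY|O_CREAT, 0644) = 17
[pid  5274] write(16, "# BEGIN hosts added by Network C"..., 108) = 108
[pid  5274] rename("/tmp/hosts.new", "/etc/hosts") = 0
[pid  5274] rename("/etc/hosts.bak", "/etc/hosts") = 0
[pid  5274] rename("/etc/hosts.bak", "/etc/hosts") = -1 ENOENT (No such file or directory)
'''.strip().splitlines()

CREATE = re.compile(r'open\("([^"]+)", [^)]*O_CREAT[^)]*\)\s+=\s+\d+')
RENAME = re.compile(r'rename\("([^"]+)", "([^"]+)"\)\s+=\s+0\b')  # successes only


def foreign_origins(lines):
    """Replay open(O_CREAT)/rename() and return {path: creation_path} for every
    path whose current inode was created in a different directory.

    rename() moves the inode without relabeling it, so such a file still
    carries the SELinux context it was given where it was created.
    """
    origin = {}  # current path -> path the inode was created under
    for line in lines:
        m = CREATE.search(line)
        if m:
            origin.setdefault(m.group(1), m.group(1))
            continue
        m = RENAME.search(line)
        if m:
            src, dst = m.groups()
            # Assumption: an untracked source was created where it sits.
            origin[dst] = origin.pop(src, src)
    return {p: o for p, o in origin.items()
            if os.path.dirname(p) != os.path.dirname(o)}


def state_if_interrupted(lines, after):
    """Flagged paths if the machine loses power after `after` trace lines."""
    return foreign_origins(lines[:after])


if __name__ == "__main__":
    for n in range(1, len(STRACE) + 1):
        print(n, state_if_interrupted(STRACE, n))
```

Interrupting after the fourth line leaves /etc/hosts backed by the file created as /tmp/hosts.new; after the clean disconnect nothing is flagged, which matches the problem appearing only after the hard power cycle.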