Description of problem: Version-Release number of selected component (if applicable): policycoreutils-2.0.57-14.fc10.i386 How reproducible: Try restart sendmail: Steps to Reproduce: 1. sudo make -C /etc/mail restart 2. 3. Actual results: /sbin/restorecon generate coredump. Expected results: Will restart sendmail. Additional info: # gdb /sbin/restorecon core.* ... Core was generated by `/sbin/restorecon /var/run/sm-client.pid'. Program terminated with signal 11, Segmentation fault. [New process 18690] #0 0x400171eb in call_init () at dl-init.c:70 70 init (argc, argv, env); (gdb) bt #0 0x400171eb in call_init () at dl-init.c:70 #1 _dl_init (main_map=0x40029658, argc=2, argv=0xbfef1984, env=0xbfef1990) at dl-init.c:134 #2 0x4000788f in _dl_start_user () from /lib/ld-linux.so.2 (gdb)
This seems like it might be caused by a lower layer library. I have not heard of restorecon crashing for any reason.
Does restorecon crash all the time or just when run within this make?
yes: # sudo /sbin/restorecon /var/run/sm-client.pid [1] 21507 segmentation fault (core dumped) sudo /sbin/restorecon /var/run/sm-client.pid #
What does # id -Z Show? Does this happen in permissive mode?
# id -Z unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 #
Does this happen if you are in permissive mode? # setenforce 0 # sudo /sbin/restorecon /var/run/sm-client.pid Could you also get the output from # sudo strace /sbin/restorecon /var/run/sm-client.pid
Also please attach the contents of /etc/selinux/targeted/contexts/files/ Might be something here causing the problem. Does matchpatchcon /var/run/sm-client.pid work?
Hm. After enforcing to permissive mode (though it already was), all began to work normally. Just in case I attach strace log and content of /etc/selinux/targeted/contexts/files/. # matchpathcon /var/run/sm-client.pid /var/run/sm-client.pid system_u:object_r:sendmail_var_run_t:s0 #
Created attachment 328349 [details] Strace log and content of /etc/selinux/targeted/contexts/files
So are you saying this blows up in enforcing mode and not in permissive mode? I think you have a labeling problem, I would put the machine in permissive mode and the run # fixfiles restore