Bug 518164 - File system not relabeled despite present file /.autorelabel
Summary: File system not relabeled despite present file /.autorelabel
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-08-19 09:22 UTC by Joachim Frieben
Modified: 2014-03-17 03:19 UTC (History)
6 users (show)

Fixed In Version: selinux-policy-3.6.30-6.fc12.noarch
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-13 21:35:33 UTC


Attachments (Terms of Use)

Description Joachim Frieben 2009-08-19 09:22:22 UTC
Description of problem:
For a current "rawhide" system, the creation of file /.autorelabel after updating packages selinux-policy-* has no effect when rebooting the system.

Version-Release number of selected component (if applicable):
initscripts-8.97-1.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Execute 'touch /.autorelabel'.
2. Reboot system.
  
Actual results:
System starts up without relabeling the file system.

Expected results:
File system gets relabeled.

Additional info:
- Adding option "autorelabel" to kernel options has no effect either.

- Installed packages from the present Koji tree include:
  * kernel-2.6.31-0.162.rc6.git2.fc12.x86_64
  * libselinux-2.0.85-2.fc12.x86_64
  * policycoreutils-*-2.0.71-3.fc12.x86_64
  * selinux-policy-*-3.6.28-1.fc12.noarch

- Content of /etc/sysconfig/selinux reads:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=permissive
    # SELINUXTYPE= can take one of these two values:
    #       targeted - Targeted processes are protected,
    #       mls - Multi Level Security protection.
    SELINUXTYPE=targeted

Comment 2 Joachim Frieben 2009-09-03 06:32:17 UTC
Issue still present after upgrade to initscripts-8.98-1.x86_64.

Comment 3 Warren Togami 2009-09-08 18:09:53 UTC
rawhide without selinux* packages installed.

cat: /proc/self/attr/current: Invalid argument
                Welcome to Fedora
                Press 'I' to enter interactive startup.
Starting udev:                                             [  OK  ]
Setting hostname localhost.localdomain                     [  OK  ]
Setting up Logical Volume Management:                      [  OK  ]
/etc/rc.d/rc.sysinit: line 488: restorecon: command not found
/etc/rc.d/rc.sysinit: line 488: restorecon: command not found
/etc/rc.d/rc.sysinit: line 488: restorecon: command not found
/etc/rc.d/rc.sysinit: line 488: restorecon: command not found
/etc/rc.d/rc.sysinit: line 488: restorecon: command not found
...

Comment 4 Bill Nottingham 2009-09-08 19:02:31 UTC
Warren: I can't reproduce that at all on a machine where I've removed selinx-policy* and policycoreutils.

Comment 5 Warren Togami 2009-09-08 20:47:03 UTC
selinux=0 ?

Booting without selinux because that is necessary with NFS root.

Comment 6 Bill Nottingham 2009-09-08 21:02:59 UTC
Warren: Please open a separate bug. Thanks.

Comment 7 Joachim Frieben 2009-09-09 08:32:18 UTC
Seems to have been fixed in selinux-policy-3.6.30-6.fc12.noarch. Filesystem got relabeled after updating to latest Koji without a new initscripts package but new selinux-policy-* ones.

Comment 8 Warren Togami 2009-09-09 19:34:29 UTC
Bug #522224 is the problem described in Comment #3.


Note You need to log in before you can comment on or make changes to this bug.