527142 – chcon aborts on a selinux disabled system

Bug 527142 - chcon aborts on a selinux disabled system

Summary: chcon aborts on a selinux disabled system

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	coreutils
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Ondrej Vasik
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-10-04 22:22 UTC by Yanko Kaneti
Modified:	2009-10-05 14:28 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-10-05 07:43:09 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
aborting chcon strace (3.97 KB, text/plain) 2009-10-05 14:07 UTC, Yanko Kaneti	no flags	Details
View All

Description Yanko Kaneti 2009-10-04 22:22:22 UTC

Description of problem:
mock always runs chcon as part of it build root setup. Something along the lines of 
chcon --reference=/dev/ptmx /var/lib/mock/fedora-10-x86_64/root/dev/ptmx , ignoring an exit status or the lack of chcon.

On a selinux disabled system this aborts, leaving core files lying around.
As far as I can see chcon is of no use when running on a system with selinux disabled. Aborting seems inappropiate. Perhaps

--- a/src/chcon.c
+++ b/src/chcon.c
@@ -519,6 +519,9 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
+  if (is_selinux_enabled () != 1)
+    error (EXIT_FAILURE, 0,_("chcon may be used only on a SELinux enabled kernel"));
+                 
   if (reference_file)
     {
       if (getfilecon (reference_file, &ref_context) < 0)

or some similar graceful failure, like other selinux related tools.

Comment 1 Ondrej Vasik 2009-10-05 06:51:16 UTC

Thanks for report, sounds reasonable. CC'ing upstream, as the problem exists there as well.

Comment 2 Ondrej Vasik 2009-10-05 07:00:56 UTC

Personally, I would prefer this hunk - and to not hardcode program_name in runcon as well. But that's just cosmetic thing.

--- a/src/chcon.c
+++ b/src/chcon.c
@@ -519,6 +519,10 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
+  if (is_selinux_enabled () != 1)
+    error (EXIT_FAILURE, 0,
+           _("%s may be used only on a SELinux kernel"), program_name);
+
   if (reference_file)
     {
       if (getfilecon (reference_file, &ref_context) < 0)

Comment 3 Ondrej Vasik 2009-10-05 07:43:09 UTC

Fixed and built as coreutils-7.6-7.fc13 , closing RAWHIDE.

Comment 4 Jim Meyering 2009-10-05 08:12:31 UTC

thanks for the report and patch.

Yanko, can you tell me how to reproduce it?
I tried both on a bare-metal SELinux "Disabled" system and in the mock chroot on a rawhide SELinux-enabled system.  In each case, chcon did not abort.

Here's how I tried to reproduce the failure using mock:

$ mock -r fedora-10-x86_64 --init
...
$ SHELL=/bin/bash mock -r fedora-10-x86_64 --shell
INFO: mock.py version 0.9.17 starting...
State Changed: init plugins
State Changed: start
State Changed: lock buildroot
mock-chroot> chcon --reference=/dev/ptmx /dev/ptmx
mock-chroot> touch tmp/f
mock-chroot> chcon --reference=/dev/ptmx /tmp/f
chcon: failed to change context of `/tmp/f' to `system_u:object_r:ptmx_t:s0': Permission denied

Comment 5 Yanko Kaneti 2009-10-05 08:34:19 UTC

By selinux disabled I mean SELINUX=disabled in /etc/sysconfig/selinux 
Here it aborts. All the files on the system appear "unlabeled" 

# ls -Z /dev/ptmx 
crw-rw-rw- root tty unlabeled                        /dev/ptmx

and chcon aborts in 

      /* FIXME: this should be done exactly once, in main.  */
      context = context_new (specified_context);
      if (!context)
          abort ();

# touch /tmp/f
# chcon --reference=/dev/ptmx /tmp/f
Aborted

Comment 6 Jim Meyering 2009-10-05 09:14:23 UTC

Yanko,

Thanks for the details.
However, what version of chcon are you using?
Please run these:

  rpm -q coreutils
  chcon --version

On a system configured like that, I get different behavior from ls -Z than what you report, as well as from chcon:

# getenforce
Disabled
# touch /tmp/f
# chcon --reference=/dev/ptmx /tmp/f
chcon: failed to get security context of `/dev/ptmx': Operation not supported
[Exit 1]
# /bin/ls -Z /tmp/f
-rw-r--r-- root root ?                                /tmp/f
#

The above is with coreutils-7.2-4.fc11.x86_64.
With 7.6.63-addb6, ls -Z works differently:

  $ ./ls -Z /tmp/f
  ? /tmp/f

But chcon still works properly:

  # ./chcon --reference=/dev/ptmx /tmp/f
  ./chcon: failed to get security context of `/dev/ptmx': Operation not supported

Comment 7 Yanko Kaneti 2009-10-05 09:29:14 UTC

This is rawhide i686
# uname -r
2.6.31.1-56.fc12.i686.PAE
# rpm -q coreutils
coreutils-7.6-5.fc12.i686
# chcon --version 
chcon (GNU coreutils) 7.6
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Russell Coker and Jim Meyering.
# getenforce 
Disabled
# sestatus 
SELinux status:                 disabled

Comment 8 Jim Meyering 2009-10-05 13:56:24 UTC

That is odd, indeed.
Yanko, would you please run the losing chcon invocation under strace and post the log, i.e,.

touch /tmp/f
strace -o log chcon --reference=/dev/ptmx /tmp/f

Then send the file, "log".

Comment 9 Yanko Kaneti 2009-10-05 14:07:01 UTC

Created attachment 363674 [details]
aborting chcon strace

Comment 10 Jim Meyering 2009-10-05 14:28:01 UTC

Thanks.

That confirmed my theory:

getxattr("/dev/ptmx", "security.selinux", "unlabeled", 255) = 10

I was just remembering that there were hoops in ls.c that required
similar work-around, since getfilecon can succeed, yet produce this bogus-looking context string, "unlabeled".

Note You need to log in before you can comment on or make changes to this bug.