Bug 600690 - broken SELinux AVCs on XFS partition when running xfsdump
Keywords:
Status: CLOSED DUPLICATE of bug 662344
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 13
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 662344
Reported: 2010-06-05 16:20 UTC by Cristian Ciupitu
Modified: 2010-12-17 20:46 UTC

Fixed In Version:
Clone Of:
: 662344 (view as bug list)
Environment:
Last Closed: 2010-12-17 20:46:45 UTC
Type: ---
Embargoed:


Description Cristian Ciupitu 2010-06-05 16:20:07 UTC
Description of problem:
xfsdump generates some broken SELinux AVCs when running on my XFS /home partition. This is the same partition I've used in Fedora 12 and older, so some of the files were created a long time ago, but on the other hand I've rebooted with /.autorelabel a couple of times, since installing Fedora 13.

ls -ldZ says this about one of the files:
drwxrwxr-x. ciupicri ciupicri unconfined_u:object_r:user_home_t:s0 ./3rdparty-projects/django/tests/modeltests/m2o_recursive2/.svn/tmp


Version-Release number of selected component (if applicable):
kernel-2.6.33.5-112.fc13.x86_64.rpm
selinux-policy-3.7.19-21.fc13.noarch.rpm
selinux-policy-targeted-3.7.19-21.fc13.noarch.rpm
xfsdump-3.0.4-1.fc13.x86_64.rpm


How reproducible:
Every time.


Steps to Reproduce:
1. xfsdump -l 0 -e -p 5 -f /media/SG1-personal/home.xfsdump /home

  
Actual results:
Lots of errors like this:
"xfsdump: WARNING: unable to open directory: ino 704668552: Permission denied"

SELinux denials:
time->Sat Jun  5 18:19:42 2010
type=SYSCALL msg=audit(1275751182.020:25706): arch=c000003e syscall=16 success=no exit=-13 a0=6 a1=ffffffffc038586b a2=7fff1e4804a0 a3=6 items=0 ppid=2980 pid=3006 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="xfsdump" exe="/sbin/xfsdump" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1275751182.020:25706): avc:  denied  { 0x400000 } for  pid=3006 comm="xfsdump" name="" dev=dm-1 ino=37436486 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file


Expected results:
No errors or at least a valid human readable permission instead of some hex.


Additional info:
This bug is similar to bug #576207, so it might be a duplicate.
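
Added example, not part of the original report: a small Python triage script that parses AVC records and flags the two features of the denial quoted above, a permission printed as a raw hex mask instead of a name and a target context of unlabeled_t. The function names are hypothetical, and the second sample line (including its example_t domain) is constructed for contrast.

```python
import re

# Line 1: the AVC record from the report above, verbatim.
# Line 2: a constructed ordinary denial (hypothetical domain example_t), for contrast.
SAMPLE = (
    'type=AVC msg=audit(1275751182.020:25706): avc:  denied  { 0x400000 } for  pid=3006 comm="xfsdump" name="" dev=dm-1 ino=37436486 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file\n'
    'type=AVC msg=audit(1275751190.000:25710): avc:  denied  { read } for  pid=3100 comm="example" name="notes" dev=dm-1 ino=1234 scontext=system_u:system_r:example_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file\n'
)

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\} for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['serial'] = int(m.group('serial'))
    rec['perms'] = m.group('perms').split()
    return rec

def triage(rec):
    """List what makes this denial unusual; an empty list means nothing flagged."""
    findings = []
    for perm in rec['perms']:
        if perm.lower().startswith('0x'):
            # A hex token means the audit record carries no name for these bits.
            mask = int(perm, 16)
            bits = ','.join(str(i) for i in range(mask.bit_length()) if mask >> i & 1)
            findings.append(f'unmapped-permission:{perm}(bits {bits})')
    ctx = rec.get('tcontext', '').split(':')  # user:role:type:level
    if len(ctx) >= 3 and ctx[2] == 'unlabeled_t':
        findings.append('unlabeled-target:ino=' + rec.get('ino', '?'))
    return findings

def scan(text):
    """Return (serial, comm, findings) for every flagged AVC record in text."""
    flagged = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and triage(rec):
            flagged.append((rec['serial'], rec['comm'], triage(rec)))
    return flagged

if __name__ == '__main__':
    for serial, comm, findings in scan(SAMPLE):
        print(serial, comm, '; '.join(findings))
```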

Comment 1 Cristian Ciupitu 2010-07-24 20:04:35 UTC
The bug is still present in kernel-2.6.33.6-147.fc13.x86_64.rpm and selinux-policy-3.7.19-39.fc13.noarch.rpm.

If I set SELinux to permissive mode by running "setenforce 0", xfsdump seems to work fine (no errors printed).

Comment 2 Eric Sandeen 2010-12-17 20:46:45 UTC

*** This bug has been marked as a duplicate of bug 662344 ***
