Bug 609173 - Conflicting files reported during auto relabel
Conflicting files reported during auto relabel
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy (Show other bugs)
6.0
All Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Walsh
Milos Malik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-29 11:02 EDT by David Kutálek
Modified: 2012-10-16 06:57 EDT (History)
2 users (show)

See Also:
Fixed In Version: selinux-policy-3.7.19-29.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-11-10 16:35:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Kutálek 2010-06-29 11:02:05 EDT
Description of problem:

During autorelabel of my filesystem (using touch /.autorelabel ; reboot), some conflicted files (or policies for files) were reported. Unfortunately I cannot find precise log in /var/log anywhere, but it was about these two files:

[root@timothy dkutalek]# ls -lZ /usr/lib/debug/usr/libexec/getconf/*
-r--r--r--. root root system_u:object_r:bin_t:s0       /usr/lib/debug/usr/libexec/getconf/POSIX_V6_LP64_OFF64.debug
-r--r--r--. root root system_u:object_r:bin_t:s0       /usr/lib/debug/usr/libexec/getconf/POSIX_V7_LP64_OFF64.debug

Probably one more file like 'default.debug' from the same directory was mentioned, but is not present on my filesystem now.
---

Version-Release number of selected component (if applicable):

selinux-policy-3.7.19-27.el6.noarch
glibc-debuginfo-2.12-1.3.el6.x86_64

How reproducible:

Don't know, happened during autorelabeling of my filesystem.
Not tried it again so far. Can do that if needed.

Steps to Reproduce:
1. Try to autorelabel filesystem, having above mentioned packages installed.
  
Actual results:

Some error messages.

Expected results:

No error messages.

Additional info:
Comment 1 RHEL Product and Program Management 2010-06-29 11:03:14 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 2 Daniel Walsh 2010-06-29 11:38:01 EDT
Are these files hard links to some other directory?

ls -l /usr/lib/debug/usr/libexec/getconf/POSIX_V7_LP64_OFF64.debug
Comment 3 David Kutálek 2010-06-29 12:23:08 EDT
Yes, these three files are hardlinked together:

[root@timothy ~]# find / -inum 936231
/usr/lib/debug/usr/bin/getconf.debug
/usr/lib/debug/usr/libexec/getconf/POSIX_V7_LP64_OFF64.debug
/usr/lib/debug/usr/libexec/getconf/POSIX_V6_LP64_OFF64.debug

So the first one is probably that third file mentioned in my first comment as 'default.debug' - probably badly remembered.

David
Comment 4 Miroslav Grepl 2010-06-30 02:20:57 EDT
David,
could you try to execute

# semanage fcontext -a -e /usr/lib/debug/usr/bin /usr/lib/debug/usr/libexec
# restorecon -R -v /usr/lib/debug/usr/libexec
# fixfiles check
Comment 5 David Kutálek 2010-06-30 08:12:17 EDT
(In reply to comment #4)

[root@timothy dkutalek]# semanage fcontext -a -e /usr/lib/debug/usr/bin /usr/lib/debug/usr/libexec
[root@timothy dkutalek]# restorecon -R -v /usr/lib/debug/usr/libexec
restorecon reset /usr/lib/debug/usr/libexec context system_u:object_r:lib_t:s0->system_u:object_r:bin_t:s0
restorecon reset /usr/lib/debug/usr/libexec/perf.2.6.32-37.el6.x86_64.debug context system_u:object_r:lib_t:s0->system_u:object_r:bin_t:s0
restorecon reset /usr/lib/debug/usr/libexec/getconf context system_u:object_r:lib_t:s0->system_u:object_r:bin_t:s0
restorecon reset /usr/lib/debug/usr/libexec/qemu-kvm.debug context system_u:object_r:lib_t:s0->system_u:object_r:bin_t:s0
[root@timothy dkutalek]# fixfiles check
/sbin/setfiles reset /dev/tty2 context unconfined_u:object_r:user_tty_device_t:s0->system_u:object_r:tty_device_t:s0
[root@timothy dkutalek]# 

This can be perhaps also useful:

[root@timothy dkutalek]# rpm -qf /usr/lib/debug/usr/bin/getconf.debug
glibc-debuginfo-2.12-1.3.el6.x86_64
Comment 6 Miroslav Grepl 2010-06-30 08:24:56 EDT
Thanks. I am seeing the same issue. The problem are hard links. I am fixing the label.
Comment 7 Miroslav Grepl 2010-06-30 09:12:00 EDT
Fixed in selinux-policy-3.7.19-29.el6
Comment 11 releng-rhel@redhat.com 2010-11-10 16:35:00 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.