+++ This bug was initially created as a clone of Bug #600690 +++

Description of problem:
xfsdump generates some broken SELinux AVCs when running on my XFS /home partition. This is the same partition I've used in Fedora 12 and older, so some of the files were created a long time ago, but on the other hand I've rebooted with /.autorelabel a couple of times, since installing Fedora 13.

ls -ldZ says this about one of the files:
drwxrwxr-x. ciupicri ciupicri unconfined_u:object_r:user_home_t:s0 ./3rdparty-projects/django/tests/modeltests/m2o_recursive2/.svn/tmp

Version-Release number of selected component (if applicable):
kernel-2.6.35.9-64.fc14.x86_64
selinux-policy-3.9.7-14.fc14.noarch
selinux-policy-targeted-3.9.7-14.fc14.noarch
xfsdump-3.0.4-1.fc13.x86_64

How reproducible:
Every time.

Steps to Reproduce:
1. xfsdump -l 0 -e -p 5 -f /media/SG1-personal/home.xfsdump /home

Actual results:
Lots of errors like this:
"xfsdump: WARNING: unable to open directory: ino 704668552: Permission denied"

SELinux denials:
time->Sat Jun 5 18:19:42 2010
type=SYSCALL msg=audit(1275751182.020:25706): arch=c000003e syscall=16 success=no exit=-13 a0=6 a1=ffffffffc038586b a2=7fff1e4804a0 a3=6 items=0 ppid=2980 pid=3006 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="xfsdump" exe="/sbin/xfsdump" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1275751182.020:25706): avc: denied { 0x400000 } for pid=3006 comm="xfsdump" name="" dev=dm-1 ino=37436486 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file

Expected results:
No errors or at least a valid human readable permission instead of some hex.

Additional info:
This bug is similar to bug #576207, so it might be a duplicate.

If I set SELinux to permissive mode by running "setenforce 0", xfsdump seems to work fine (no errors printed).
> "xfsdump: WARNING: unable to open directory: ino 704668552: Permission denied"

XFS is trying to do the open by handle ioctl here

    xfsctl(path, fsfd, XFS_IOC_OPEN_BY_HANDLE, &hreq);

if that's useful.

It seems that the files have proper labels on them, yes? Not sure why the AVC seems odd...
This is a result of XFS using directory inodes but having never called d_instantiate() (or, more importantly, security_d_instantiate()).

Figure out where in the XFS code you guys are hooking your dentries to your inodes without calling d_instantiate(), fix that, and these will go away....
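Added example, not part of the original thread or of any project's code: a small audit-log triage script that flags AVC denials showing the two signs visible in the record reported above, a permission printed as a raw hex mask and a target context of unlabeled_t. Treating those two signs as a hint that the inode never received a security label is this example's assumption, based on the comment above; the second sample line is constructed.

```python
import re

# Field layout of a kernel AVC denial as it appears in audit.log.
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_PERM = re.compile(r'^0x[0-9a-fA-F]+$')

def parse_avc(line):
    """Return a dict of AVC fields, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    return rec

def triage(line):
    """List the signs that a denial involves an inode with no usable label."""
    rec = parse_avc(line)
    if rec is None:
        return []
    reasons = []
    raw = [p for p in rec['perms'] if HEX_PERM.match(p)]
    if raw:
        reasons.append('undecoded permission ' + ','.join(raw)
                       + ' for tclass=' + rec.get('tclass', '?'))
    # A context is user:role:type[:level]; the type is the third field.
    ctx = rec.get('tcontext', '').split(':')
    if len(ctx) >= 3 and ctx[2] == 'unlabeled_t':
        reasons.append('target is unlabeled_t (ino=' + rec.get('ino', '?')
                       + ' dev=' + rec.get('dev', '?') + ')')
    return reasons

# The AVC record quoted in this bug report.
PAGE_AVC = ('type=AVC msg=audit(1275751182.020:25706): avc: denied { 0x400000 } for '
            'pid=3006 comm="xfsdump" name="" dev=dm-1 ino=37436486 '
            'scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
            'tcontext=system_u:object_r:unlabeled_t:s0 tclass=file')
# Constructed sample: an ordinary denial with a named permission and a labeled target.
CONSTRUCTED_AVC = ('type=AVC msg=audit(1275751200.000:1): avc:  denied  { read } for  '
                   'pid=100 comm="example" name="example.txt" dev=dm-1 ino=1 '
                   'scontext=unconfined_u:unconfined_r:example_t:s0 '
                   'tcontext=system_u:object_r:user_home_t:s0 tclass=file')

if __name__ == '__main__':
    for sample in (PAGE_AVC, CONSTRUCTED_AVC):
        print(triage(sample) or 'ordinary policy denial')
```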
*** Bug 600690 has been marked as a duplicate of this bug. ***
http://marc.info/?l=linux-fsdevel&m=129013218025665&2=2

Fixes this right up. Not upstream yet.

-Eric
kernel-2.6.35.10-69.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/kernel-2.6.35.10-69.fc14
kernel-2.6.35.10-72.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/kernel-2.6.35.10-72.fc14
kernel-2.6.35.10-72.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update kernel'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/kernel-2.6.35.10-72.fc14
kernel-2.6.35.10-72.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
kernel-2.6.34.8-67.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/kernel-2.6.34.8-67.fc13
kernel-2.6.34.8-68.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/kernel-2.6.34.8-68.fc13
kernel-2.6.34.8-68.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.