Bug 739942 - SELinux: return error codes on policy load failure
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.3
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assigned To: Eric Paris
QA Contact: Red Hat Kernel QE team
Blocks: 6.2KnownIssues 767187
 
Reported: 2011-09-20 10:07 EDT by Karel Srot
Modified: 2013-10-01 16:45 EDT
Doc Type: Bug Fix
Last Closed: 2013-10-01 16:45:47 EDT

Attachments
strace -f semanage log (334.75 KB, application/x-gzip)
2011-09-20 10:07 EDT, Karel Srot

Description Karel Srot 2011-09-20 10:07:27 EDT
Created attachment 524040
strace -f semanage log

Description of problem:

When policy load fails, semanage is not notified and exits with 0.
User is not notified that the new policy was not loaded.

This was a bug upstream fixed by:

commit a200005038955057063fc8ea82129ebc785df41c
Author: Eric Paris <eparis@redhat.com>
Date:   Tue Apr 20 10:29:42 2010 -0400

    SELinux: return error codes on policy load failure
    
    policy load failure always return EINVAL even if the failure was for some
    other reason (usually ENOMEM).  This patch passes error codes back up the
    stack where they will make their way to userspace.  This might help in
    debugging future problems with policy load.

Version-Release number of selected component (if applicable):


How reproducible:
sometimes


Steps to Reproduce:
Update policy (with semanage) on a system with a small amount of memory (probably).
  
Actual results:
semanage fails to update policy but returns exit code 0

console log:
SELinux: 2048 avtab hash slots, 220644 rules.
SELinux: 2048 avtab hash slots, 220644 rules.
SELinux:  9 users, 13 roles, 3546 types, 176 bools, 1 sens, 1024 cats
SELinux:  81 classes, 220644 rules
load_policy: page allocation failure. order:1, mode:0x20
CPU: 1 Not tainted 2.6.32-195.el6.s390x #1
Process load_policy (pid: 2521, task: 0000000002604890, ksp: 0000000000883298)
00000000008836f0 0000000000883670 0000000000000002 0000000000000000 
       0000000000883710 0000000000883688 0000000000883688 00000000004cb8c0 
       000000001fe455ee 0000000000000000 0000000000000020 0000000000000000 
       000000000000000d 000000000000000c 00000000008836e0 0000000000000000 
       0000000000000000 00000000001051bc 0000000000883670 00000000008836b0 
Call Trace:
([<00000000001050bc>] show_trace+0xe8/0x138)
 [<0000000000206382>] __alloc_pages_nodemask+0x80a/0xa40
 [<000000000024369a>] cache_alloc_refill+0x3e2/0x6d8
 [<0000000000243e46>] __kmalloc+0x19a/0x1bc
 [<000000000031eff4>] selinux_set_mapping.clone.1+0x98/0x2a8
 [<000000000031f39c>] security_load_policy+0x198/0x4b0
 [<000000000030b3a8>] sel_write_load+0xfc/0x7d8
 [<0000000000255830>] vfs_write+0xa0/0x1a0
 [<0000000000255a32>] SyS_write+0x5a/0xac
 [<000000000011863c>] sysc_tracego+0xe/0x14
 [<000003fffd5277f4>] 0x3fffd5277f4
Mem-Info:
DMA per-cpu:
CPU    0: hi:  186, btch:  31 usd:   0
CPU    1: hi:  186, btch:  31 usd:   4
active_anon:49605 inactive_anon:49618 isolated_anon:0
 active_file:674 inactive_file:688 isolated_file:0
 unevictable:913 dirty:0 writeback:0 unstable:0
 free:800 slab_reclaimable:1845 slab_unreclaimable:14760
 mapped:1158 shmem:36 pagetables:463 bounce:0
DMA free:3200kB min:2876kB low:3592kB high:4312kB active_anon:198420kB inactive_anon:198472kB active_file:2696kB inactive_file:2752kB unevictable:3652kB isolated(anon):0kB isolated(file):0kB present:517120kB mlocked:0kB dirty:0kB writeback:0kB mapped:4632kB shmem:144kB slab_reclaimable:7380kB slab_unreclaimable:59040kB kernel_stack:2640kB pagetables:1852kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0
DMA: 672*4kB 0*8kB 32*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB = 3200kB
3691 total pagecache pages
1369 pages in swap cache
Swap cache stats: add 25471, delete 24102, find 144/315
Free swap  = 919948kB
Total swap = 1015800kB
131072 pages RAM
5212 pages reserved
4225 pages shared
122062 pages non-shared


"strace -f semanage .." attached
Comment 5 RHEL Product and Program Management 2011-12-12 23:43:02 EST
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 9 RHEL Product and Program Management 2012-07-10 02:51:22 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 10 RHEL Product and Program Management 2012-07-10 19:28:52 EDT
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Comment 11 RHEL Product and Program Management 2012-12-14 02:19:18 EST
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 12 Eric Paris 2013-10-01 16:45:47 EDT
I am going to close this as WONTFIX.  It is annoying to always get the same EINVAL, but the fix is large and a failure is a failure.  If this presents a particular problem, please feel free to reopen.
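
Because semanage exits 0 here and the kernel reports only EINVAL, the console log in the description is the one place the real cause shows up. The following is an added example, not code from this bug or from Red Hat: it scans kernel log lines for a page allocation failure whose backtrace passes through the policy-load path. The function name, the choice of `security_load_policy` and `sel_write_load` as markers (taken from the trace above), and the second sample record are assumptions made for illustration.

```python
import re

ALLOC_FAIL = re.compile(r"^(?P<comm>\S+): page allocation failure\. "
                        r"order:(?P<order>\d+), mode:(?P<mode>0x[0-9a-fA-F]+)")
PID = re.compile(r"^Process \S+ \(pid: (?P<pid>\d+)")
FRAME = re.compile(r"\[<[0-9a-fA-F]+>\] (?P<sym>[A-Za-z_][\w.]*)\+0x")
# Functions on the policy-load write path, as named in the trace in this report.
POLICY_LOAD_SYMS = {"security_load_policy", "sel_write_load"}

def find_failed_policy_loads(lines):
    """Return one record per allocation failure hit while loading SELinux policy."""
    hits, cur = [], None
    def close(rec):  # keep only failures whose backtrace is on the load path
        if rec and POLICY_LOAD_SYMS & set(rec["frames"]):
            hits.append(rec)
    for raw in lines:
        line = raw.strip()
        m = ALLOC_FAIL.match(line)
        if m:                                   # a new failure report starts
            close(cur)
            cur = {"comm": m["comm"], "order": int(m["order"]),
                   "mode": m["mode"], "pid": None, "frames": []}
        elif cur is not None:
            if line.startswith("Mem-Info:"):    # backtrace is over
                close(cur)
                cur = None
            elif (m := PID.match(line)):
                cur["pid"] = int(m["pid"])
            elif (m := FRAME.search(line)):
                cur["frames"].append(m["sym"])
    close(cur)                                  # log may end mid-report
    return hits

# Excerpt of the console log from this report, then a constructed, unrelated
# allocation failure ("exampled" and "example_rx" are made up for illustration).
SAMPLE = """\
load_policy: page allocation failure. order:1, mode:0x20
Process load_policy (pid: 2521, task: 0000000002604890, ksp: 0000000000883298)
Call Trace:
 [<0000000000243e46>] __kmalloc+0x19a/0x1bc
 [<000000000031eff4>] selinux_set_mapping.clone.1+0x98/0x2a8
 [<000000000031f39c>] security_load_policy+0x198/0x4b0
 [<000000000030b3a8>] sel_write_load+0xfc/0x7d8
Mem-Info:
exampled: page allocation failure. order:0, mode:0x20
Process exampled (pid: 4242, task: 0000000000000000, ksp: 0000000000000000)
Call Trace:
 [<0000000000000000>] example_rx+0x10/0x40
""".splitlines()
```

Run it over the kernel log lines captured after a policy update (for example the output of `dmesg`) and treat any returned record as a failed load, whatever exit status semanage reported.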
