Bug 814933 - emacs cannot edit files with selinux contexts mounted using guestmount
Status: CLOSED DUPLICATE of bug 691389
Product: Virtualization Tools
Classification: Community
Component: libguestfs
Assigned To: Richard W.M. Jones
Reported: 2012-04-21 07:39 EDT by Richard W.M. Jones
Modified: 2012-04-21 10:54 EDT
Doc Type: Bug Fix
Last Closed: 2012-04-21 10:54:28 EDT
Type: Bug
Description Richard W.M. Jones 2012-04-21 07:39:51 EDT
Description of problem:

Mount an image with guestmount (note the --selinux option makes
no difference):

  mkdir /tmp/mnt
  guestmount -a disk.img -i [--selinux] /tmp/mnt

Now edit a file like /etc/shadow in the disk image:

  emacs -nw /tmp/mnt/etc/shadow

When you come to save it, emacs complains:

  Doing lsetfilecon: operation not supported, /tmp/mnt/etc/shadow

and refuses to save the file.

Version-Release number of selected component (if applicable):

1.17.32

How reproducible:

100%
Comment 1 Richard W.M. Jones 2012-04-21 08:43:33 EDT
lsetfilecon is a library function in selinux:

  int lsetfilecon_raw(const char *path, const security_context_t context)
  {
        return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
                         0);
  }

  int lsetfilecon(const char *path, const security_context_t context)
  {
        int ret;
        security_context_t rcontext;

        if (selinux_trans_to_raw_context(context, &rcontext))
                return -1;

        ret = lsetfilecon_raw(path, rcontext);

        freecon(rcontext);

        return ret;
  }

strace confirms this:

chmod("/tmp/mnt/etc/shadow", 0200)      = 0
lgetxattr("/tmp/mnt/etc/shadow", "security.selinux", "system_u:object_r:fusefs_t:s0", 255) = 30
lsetxattr("/tmp/mnt/etc/shadow", "security.selinux", "system_u:object_r:fusefs_t:s0", 30, 0) = -1 EOPNOTSUPP (Operation not supported)

So it's more accurate to say that 'lsetxattr' doesn't
work in guestmount.

We do implement this in guestmount, so it's not entirely
clear why it doesn't work / isn't being called.
Comment 2 Richard W.M. Jones 2012-04-21 10:54:28 EDT

*** This bug has been marked as a duplicate of bug 691389 ***
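
An added diagnostic sketch, not part of the original bug report and not code from libguestfs or libselinux: it repeats the lgetxattr/lsetxattr round trip shown in the strace in Comment 1 and separates EOPNOTSUPP (the filesystem does not accept the call) from other failures. The function and enum names are hypothetical, and it assumes Linux with <sys/xattr.h>.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Same string that XATTR_NAME_SELINUX expands to in the libselinux code above. */
#define SELINUX_XATTR "security.selinux"

/* Hypothetical result codes for this example. */
enum probe_result { PROBE_OK, PROBE_NO_LABEL, PROBE_UNSUPPORTED, PROBE_ERROR };

/* Map the errno of a failed lgetxattr/lsetxattr call to a probe result. */
enum probe_result classify_xattr_errno(int err)
{
    if (err == EOPNOTSUPP)
        return PROBE_UNSUPPORTED;  /* filesystem rejects the xattr call */
    if (err == ENODATA)
        return PROBE_NO_LABEL;     /* xattrs work, but no label is stored */
    return PROBE_ERROR;            /* ENOENT, EACCES, EPERM, ... */
}

/*
 * Read the current label and write the identical bytes back, which is the
 * sequence in the strace: lgetxattr(..., 255) followed by lsetxattr(..., len, 0).
 * Rewriting the same value leaves the label unchanged when the call succeeds.
 */
enum probe_result probe_selinux_relabel(const char *path)
{
    char ctx[256];
    ssize_t len = lgetxattr(path, SELINUX_XATTR, ctx, sizeof(ctx) - 1);

    if (len < 0)
        return classify_xattr_errno(errno);
    if (lsetxattr(path, SELINUX_XATTR, ctx, (size_t)len, 0) < 0)
        return classify_xattr_errno(errno);
    return PROBE_OK;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "no label", "unsupported", "error" };

    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], names[probe_selinux_relabel(argv[i])]);
    return 0;
}
```

Pass it one or more paths; the lsetxattr failure in the strace in Comment 1 corresponds to the "unsupported" result.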
