[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: 'cannot relabel' miscue on shutdown ....



On Monday 04 April 2005 09:47, Tom London <selinux gmail com> wrote:
> Running targeted/enforcing, latest rawhide.

This one happens under strict as well.

> Each time I halt/reboot, I seem to get a message like the following
> (the 'funny text' varies):

Firstly the method of reproducing this is to kill -1 the top level process.  
For a console login that means killing /bin/login, for a remote login that 
means the sshd for the session in question.  Much easier than rebooting the 
machine to reproduce the bug.  ;)

> Apr  3 11:58:51 localhost su[3659]: Warning!  Could not relabel
> ,\uffff\uff7f\u0661\uffff with user_u:object_r:devpts_t, not
> relabeling.

Here's the strace output from reproducing that:
waitpid(-1, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGHUP}], WSTOPPED) = 26120
setxattr("/dev/pts/1", "security.selinux", "user_u:object_r:user_devpts_t", 
30, ) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
[read locale stuff]
close(3)                                = 0
munmap(0xb7d40000, 4096)                = 0
[try unsuccessfully to open other locale files]
time([1112716582])                      = 1112716582
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=785, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=785, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=785, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0)          = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 16) = 0
send(3, "<37>Apr  6 01:56:22 su[26119]: Warning!  Could not relabel 
\374\322\360\277)1\307 with user_u:object_r:user_devpts_t, not relabeling.
\n", 119, MSG_NOSIGNAL) = 119

So it seems that the code does the correct thing but just logs bogus data.

The below code from pam-0.78-selinux.patch in the PAM package source seems to 
be the culprit.  If the variable tty already has "/dev/" at the start then 
ttybuf will not be initialised.

+  if(strncmp("/dev/", tty, 5)) {
+    snprintf(ttybuf,sizeof(ttybuf),"/dev/%s",tty);
+    ptr = ttybuf;
+  }
+  else
+    ptr = tty;
+
+  if (setfilecon(ptr, context))
+  {
+      syslog(LOG_NOTICE,
+             _("Warning!  Could not relabel %s with %s, not relabeling.\n"),
+             ttybuf,context);
+  }

I've filed a bugzilla report:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=153711

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]