[sos-devel] plugins/selinux fixfiles options doesn't work as intended
Bryn M. Reeves
bmr at redhat.com
Tue Jan 13 14:36:12 UTC 2015
On Tue, Jan 13, 2015 at 02:22:22PM +0000, John Haxby wrote:
> Hello All,
>
> I was investigating selinux-related problems remotely and thought, ah,
> I remember, sosreport has a fixfiles option for the selinux plugin:
>
> sosreport -o selinux -kselinux.fixfiles
>
> Imagine my disappointment when the fixfiles output in the sosreport
> contained one single and not especially useful line:
This is because:
https://bugzilla.redhat.com/show_bug.cgi?id=955249
I was hoping we might see a fix from the SELinux side (last discussed
~1mo ago) but we've already proposed switching to restorecon due to
this problem:
https://bugzilla.redhat.com/show_bug.cgi?id=955249#c5
Unfortunately SELinux userspace has quite a few problems of this
nature.
> The fixfiles script doesn't work the way sosreport expects. Fixfiles
> writes everything to a log file which, by default, is /dev/tty or
> /dev/null if there is no tty. The following patch, which I hope you
> will find useful, replaces "fixfiles check -v" with "restorecon -Rvn
> 2>/dev/null". For the purposes of sosreport, I don't believe the
> warnings about no default context for a lot of files are useful which
> is why stderr is discarded.
We know (and actually fixfiles does not work the way its maintainer
expects :).
Regards,
Bryn.
More information about the sos-devel
mailing list