[Virtio-fs] regression: lsetfilecon fails, breaks rpm, dpkg, dnf in virtiofs guests.

Tue Jun 1 17:33:54 UTC 2021

On Tue, Jun 1, 2021 at 3:02 PM Vivek Goyal <vgoyal at redhat.com> wrote:
> On Sat, May 29, 2021 at 01:42:50PM -0500, Harry G. Coin wrote:
> > Some regression in virtio-fs has led to rpm/dnf/yum failing  in the same
> > guest it previously worked.
> >
> > linux 5.11.19-300.fc34.x86_64
> >
> > Specifically, all attempts to use dnf/yum lead to examples similar to this:
> >
> > Error unpacking rpm package dnf-4.7.0-1.fc34.noarch
> >   Upgrading        :
> > python3-dnf-plugins-core-4.0.21-1.fc34.noarch
> > 8/20
> > error: unpacking of archive failed on file /usr/bin/dnf;60b1b277: cpio:
> > (error 0x2)
> > error: dnf-4.7.0-1.fc34.noarch: install failed
> > error: lsetfilecon: (/etc/dnf/plugins/copr.conf,
> > system_u:object_r:etc_t:s0) Operation not permitted
> > error: Plugin selinux: hook fsm_file_prepare failed
>
> CCing Dan Walsh and Ondrej. They might have an idea.

I believe this was reported in
https://bugzilla.redhat.com/show_bug.cgi?id=1965786 - I put some
comments there, though I'm not sure yet where the problem lies...

>
> Thanks
> Vivek
>
> >
> > (
> >
> > For all packages.  No updates are possible.  Possibly related to:
> > https://github.com/fedora-selinux/selinux-policy/pull/478/files/21a2df26cd605c55de7edc80e16907fcb76ccf08
> > ?  What really gets me, is this error exists even though
> >
> > # getenforce
> > Permissive
> >
> > )
> >
> > The host is running btrfs.  ... virtiofsd --fd=50 -o
> > source=/vmsystems/fedora_generic,xattr,flock,posix_lock
> >
> > same effect with  .... virtiofsd --fd=36 -o
> > source=/vmsystems/dbl1,xattr,flock,no_posix_lock
> >
> > /etc/fstab:
> >
> > myfs / virtiofs seclabel 0 0
> >
> >
> >
> >
> > _______________________________________________
> > Virtio-fs mailing list
> > Virtio-fs at redhat.com
> > https://listman.redhat.com/mailman/listinfo/virtio-fs
>

-- 
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.