[Bug 1769301] Re: useradd fails when selinux is set to permissive

[Andreas Florath]

In libselinux the setfscreatecon() function is implemented - which might
be the root cause of the problem.

** Package changed: shadow (Ubuntu) => libselinux (Ubuntu)

** Summary changed:

- useradd fails when selinux is set to permissive
+ resetting /proc/thread-self/attr/fscreate results in 'Invalid Argument'

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769301

Title:
  resetting /proc/thread-self/attr/fscreate results in 'Invalid
  Argument'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libselinux/+bug/1769301/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1769301] Re: useradd fails when selinux is set to permissive

[Andreas Florath]

It looks that the root cause affects multiple packages.

Observations: programs like lvchange have a similar problem:

# lvresize -L +1M /dev/mapper/vg-home
  SELinux context reset: setfscreatecon failed: Invalid argument
  SELinux context reset: setfscreatecon failed: Invalid argument
...

It looks that the problem might be in the libselinux (procattr.c
setprocattrcon_raw):

ret = write(fd, NULL, 0);   /* clear */

This always returns 'Invalid argument'.

I was not able to reproduce this with standard system tools (echo, cat, tee, 
...).
Therefore I wrote some lines of C (attached):

root@ubuntu:~# strace -f ./w2 
...
openat(AT_FDCWD, "/proc/thread-self/attr/fscreate", O_RDWR|O_CLOEXEC) = 3
write(3, NULL, 0)   = -1 EINVAL (Invalid argument)
dup(2)  = 4
fcntl(4, F_GETFL)   = 0x2 (flags O_RDWR)
brk(NULL)   = 0x55af7b32a000
brk(0x55af7b34b000) = 0x55af7b34b000
fstat(4, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
write(4, "write: Invalid argument\n", 24write: Invalid argument
) = 24
close(4)= 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid()= 10408
gettid()= 10408
tgkill(10408, 10408, SIGABRT)   = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=10408, si_uid=0} ---
+++ killed by SIGABRT +++
Aborted

I have no idea if this write(fd, NULL, 0) should work to reset the
attribute (then it might be a kernel /proc problem) or if the library
needs to use another mechanism to reset the content.


** Attachment added: "w2.c"
   
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1769301/+attachment/5134236/+files/w2.c

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1769301

Title:
  resetting /proc/thread-self/attr/fscreate results in 'Invalid
  Argument'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libselinux/+bug/1769301/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs