Public bug reported:
System call lsetfilecon in the guest fails, it worked when the host ran
Groovy.
How to repeat/test virtiofs lsetfilecon regression that breaks dpkg,
prevents upgrades/fixes.
In the guest, for example fedora:
[root@registry1 ~]# getenforce
Permissive
[root@registry1 ~]# cat lsetfilecon.c
#include <selinux/selinux.h>
#include <stdio.h>
#include <errno.h>
void perror(const char *s);
int main(int argc,char *argv[]){
int i;
i= lsetfilecon("/usr/bin/rngtest","system_u:object_r:bin_t:s0");
//i= lsetfilecon("/usr/bin/rngtest;60b9120b","system_u:object_r:bin_t:s0");
printf("ret %lx\n",i);
perror("\n");
return 0;
}
[root@registry1 ~]# gcc lsetfilecon.c -lselinux -o lsetfilecon
[root@registry1 ~]# ./lsetfilecon
ret ffffffff
: Operation not permitted
[root@registry1 ~]# ls -l /usr/bin/rngtest
-rwxr-xr-x. 1 root root 21176 Apr 27 18:26 /usr/bin/rngtest
[root@registry1 ~]# uname -a
Linux registry1.xxxx 5.11.19-300.fc34.x86_64 #1 SMP Fri May 7 14:17:15 UTC 2021
x86_64 x86_64 x86_64 GNU/Linux
On the ubuntu hirsuite host:
root@noc1:/vmsystems/registry1/usr/bin# getfattr -m - -d rngtest
# file: rngtest
security.selinux="system_u:object_r:bin_t:s0"
ls -l rngtest
-rwxr-xr-x. 1 root root 21176 Apr 27 18:26 rngtest
#/usr/lib/qemu/virtiofsd --version
using FUSE kernel interface version 7.32
#uname -a
5.11.0-18-generic #19-Ubuntu SMP Fri May 7 14:22:03 UTC 2021 x86_64 x86_64
x86_64 GNU/Linux
** Affects: qemu (Ubuntu)
Importance: Undecided
Status: New
** Tags: virtiofs
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930756
Title:
regression: virtiofsd in qemu-system-common fails selinux related
xattr
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1930756/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
