Bug in selinux on ubuntu 16.04 with kernel 4.15.0-34
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Confirmed
|
Medium
|
Unassigned | ||
Bionic |
Confirmed
|
Medium
|
Unassigned |
Bug Description
Hello, just found a bug in selinux.
Whats going wrong:
Copy a link with "-a" option while selinux is on.
steps to reproduce:
~$ mkdir -p a/b
~$ ln -s b a/c
~$ cp -a a b
cp: failed to restore the default file creation context: Invalid argument
Results of my investigation:
The "cp" of coreutils is calling "setfscreatecon (NULL)" to restore the default file creation context (coreutils-
As we see in the result of strace below, the kernel returns an -1 on try to restore the default file creation context. So in my opinion is the bug has to be in the selinux_setprocattr method in the security/
Part of "strace cp -a a b"
lgetxattr("a/c", "security.selinux", "system_
readlink("a/c", "b", 2) = 1
symlink("b", "b/a/c") = 0
open("/
write(3, NULL, 0) = -1 EINVAL (Invalid argument)
close(3) = 0
open("/
fstat(3, {st_mode=
read(3, "# Locale name alias data base.\n#"..., 4096) = 2995
read(3, "", 4096) = 0
close(3)
description: | updated |
Changed in linux (Ubuntu): | |
status: | Incomplete → Confirmed |
Changed in linux (Ubuntu): | |
importance: | Undecided → Medium |
status: | Confirmed → Incomplete |
status: | Incomplete → Triaged |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | Triaged → In Progress |
Changed in linux (Ubuntu Bionic): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu): | |
assignee: | nobody → Joseph Salisbury (jsalisbury) |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Confirmed |
Changed in linux (Ubuntu): | |
status: | In Progress → Confirmed |
assignee: | Joseph Salisbury (jsalisbury) → nobody |
Changed in linux (Ubuntu Bionic): | |
assignee: | Joseph Salisbury (jsalisbury) → nobody |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1794067
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.