Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1359425

Summary: [abrt] libselinux: write_binary_file(): sefcontext_compile killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Peter "Pessoft" Kolínek <pessoft>
Component: libselinuxAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 24CC: dwalsh, mgrepl, plautrba, vmojzis
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/4222207ed602ee8b8ba6306ffdf4e512f417677b
Whiteboard: abrt_hash:5299a465444257bb3467dc481b860f7a35a8f5fb;VARIANT_ID=workstation;
Fixed In Version: libselinux-2.5-12.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-10 17:43:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: exploitable
none
File: limits
none
File: maps
none
File: mountinfo
none
File: namespaces
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description Peter "Pessoft" Kolínek 2016-07-23 22:44:05 UTC
Description of problem:
Can be reproduced by executing:
semanage fcontext -a -t var_t '/myvar/*'

Version-Release number of selected component:
libselinux-2.5-9.fc24

Additional info:
reporter:       libreport-2.7.2
backtrace_rating: 4
cmdline:        /sbin/sefcontext_compile /etc/selinux/targeted/contexts/files/file_contexts.local
crash_function: write_binary_file
environ:        
executable:     /usr/sbin/sefcontext_compile
global_pid:     10001
kernel:         4.6.3-300.fc24.x86_64
pkg_fingerprint: 73BD E983 81B4 6521
pkg_vendor:     Fedora Project
runlevel:       N 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (1 frames)
 #0 write_binary_file at sefcontext_compile.c:243

Comment 1 Peter "Pessoft" Kolínek 2016-07-23 22:44:12 UTC
Created attachment 1183195 [details]
File: backtrace

Comment 2 Peter "Pessoft" Kolínek 2016-07-23 22:44:14 UTC
Created attachment 1183196 [details]
File: cgroup

Comment 3 Peter "Pessoft" Kolínek 2016-07-23 22:44:15 UTC
Created attachment 1183197 [details]
File: core_backtrace

Comment 4 Peter "Pessoft" Kolínek 2016-07-23 22:44:17 UTC
Created attachment 1183198 [details]
File: dso_list

Comment 5 Peter "Pessoft" Kolínek 2016-07-23 22:44:19 UTC
Created attachment 1183199 [details]
File: exploitable

Comment 6 Peter "Pessoft" Kolínek 2016-07-23 22:44:20 UTC
Created attachment 1183200 [details]
File: limits

Comment 7 Peter "Pessoft" Kolínek 2016-07-23 22:44:22 UTC
Created attachment 1183201 [details]
File: maps

Comment 8 Peter "Pessoft" Kolínek 2016-07-23 22:44:23 UTC
Created attachment 1183202 [details]
File: mountinfo

Comment 9 Peter "Pessoft" Kolínek 2016-07-23 22:44:25 UTC
Created attachment 1183203 [details]
File: namespaces

Comment 10 Peter "Pessoft" Kolínek 2016-07-23 22:44:27 UTC
Created attachment 1183204 [details]
File: open_fds

Comment 11 Peter "Pessoft" Kolínek 2016-07-23 22:44:28 UTC
Created attachment 1183205 [details]
File: proc_pid_status

Comment 12 Peter "Pessoft" Kolínek 2016-07-23 22:44:30 UTC
Created attachment 1183206 [details]
File: var_log_messages

Comment 13 Petr Lautrbach 2016-07-24 07:49:12 UTC
Thanks for the report. It needs to be fixed.

However, the reproducer most likely doesn't use a correct expression. FILE_SPEC is processed as PCRE so unless you want ["/myvar", "/myvar/", "/myvar//", "/myvar///", ...]   it should be "/myvar/.*" or "/myvar(/.*)?" depends whether you want "/myvar" in the list or not.

Comment 14 Peter "Pessoft" Kolínek 2016-07-24 09:43:27 UTC
Indeed, FILE_SPEC expression which triggers this issue has been discovered only accidentally, by a typo in the custom script. Correct expression was "/myvar/*".

Comment 15 Peter "Pessoft" Kolínek 2016-07-24 09:44:18 UTC
(In reply to Peter "Pessoft" Kolínek from comment #14)
> Indeed, FILE_SPEC expression which triggers this issue has been discovered
> only accidentally, by a typo in the custom script. Correct expression was
> "/myvar/*".

:) "/myvar/.*"

Comment 16 Vit Mojzis 2016-08-26 13:13:32 UTC
The issue is solved on upstream and the fix will propagate to fedora branch during next rebase.

https://github.com/SELinuxProject/selinux/commit/6e2bdb770f6311060b111e87bd7af653e225be9d

Comment 17 Fedora Update System 2016-10-05 20:29:28 UTC
checkpolicy-2.5-8.fc25, libselinux-2.5-12.fc25, libsemanage-2.5-8.fc25, libsepol-2.5-10.fc25, policycoreutils-2.5-17.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7e8e980ef

Comment 18 Fedora Update System 2016-10-06 20:59:00 UTC
checkpolicy-2.5-8.fc25, libselinux-2.5-12.fc25, libsemanage-2.5-8.fc25, libsepol-2.5-10.fc25, policycoreutils-2.5-17.fc25, secilc-2.5-6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7e8e980ef

Comment 19 Fedora Update System 2016-10-10 17:43:45 UTC
checkpolicy-2.5-8.fc25, libselinux-2.5-12.fc25, libsemanage-2.5-8.fc25, libsepol-2.5-10.fc25, policycoreutils-2.5-17.fc25, secilc-2.5-6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.