Bug 160755 - /sbin/losetup -e blowfish /dev/loop0 /var/local/existing_file # fails
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: util-linux
Version: 4
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Karel Zak
QA Contact: Ben Levenson
Reported: 2005-06-17 05:02 UTC by Stephen P. Schaefer
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-06-29 09:22:09 UTC



Description Stephen P. Schaefer 2005-06-17 05:02:32 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
[root@thyrsus-laptop ~]# ls -l /var/local/cdata
-rwx------  1 root root 2097152000 Jun 16 23:37 /var/local/cdata
[root@thyrsus-laptop ~]# lsmod
Module                  Size  Used by
blowfish                9153  0
cryptoloop              3521  0
loop                   18121  1 cryptoloop
radeon                 76609  1
drm                    70101  2 radeon
parport_pc             28933  1
lp                     13001  0
parport                40585  2 parport_pc,lp
autofs4                29253  2
rfcomm                 42333  0
l2cap                  30661  5 rfcomm
bluetooth              56133  4 rfcomm,l2cap
sunrpc                167813  1
pcmcia                 29025  2
ipt_REJECT              5569  1
ipt_state               1857  2
ip_conntrack           41497  1 ipt_state
iptable_filter          2881  1
ip_tables              19521  3 ipt_REJECT,ipt_state,iptable_filter
video                  15941  0
button                  6609  0
battery                 9413  0
ac                      4805  0
md5                     4033  1
ipv6                  268097  10
ohci1394               41353  0
ieee1394              304441  1 ohci1394
yenta_socket           21449  1
rsrc_nonstatic         12737  1 yenta_socket
pcmcia_core            50909  3 pcmcia,yenta_socket,rsrc_nonstatic
ohci_hcd               26849  0
shpchp                 94405  0
i2c_ali1535             7365  0
i2c_core               21569  1 i2c_ali1535
snd_ali5451            28933  1
snd_ac97_codec         75961  1 snd_ali5451
snd_seq_dummy           3653  0
snd_seq_oss            37057  0
snd_seq_midi_event      9153  1 snd_seq_oss
snd_seq                62289  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device          8781  3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss            51185  0
snd_mixer_oss          17857  1 snd_pcm_oss
snd_pcm               100169  3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
snd_timer              33605  2 snd_seq,snd_pcm
snd                    57157  11 snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
soundcore              10913  1 snd
snd_page_alloc          9669  1 snd_pcm
natsemi                34849  0
floppy                 65269  0
joydev                  9601  0
dm_snapshot            17413  0
dm_zero                 2113  0
dm_mirror              26029  0
ext3                  132553  2
jbd                    86233  1 ext3
dm_mod                 58101  6 dm_snapshot,dm_zero,dm_mirror
[root@thyrsus-laptop ~]# /sbin/losetup -e blowfish /dev/loop0 /var/local/cdata
/var/local/cdata: Permission denied


Version-Release number of selected component (if applicable):
util-linux-2.12p-9.3; selinux-policy-targeted-1.23.16-6

How reproducible:
Always

Steps to Reproduce:
1. [root@thyrsus-laptop ~]# ls -l /var/local/cdata
-rwx------  1 root root 2097152000 Jun 16 23:37 /var/local/cdata
2. [root@thyrsus-laptop ~]# lsmod # blowfish, cryptoloop, loop modules loaded
Module                  Size  Used by
blowfish                9153  0
cryptoloop              3521  0
loop                   18121  1 cryptoloop
radeon                 76609  1
drm                    70101  2 radeon
parport_pc             28933  1
lp                     13001  0
parport                40585  2 parport_pc,lp
autofs4                29253  2
rfcomm                 42333  0
l2cap                  30661  5 rfcomm
bluetooth              56133  4 rfcomm,l2cap
sunrpc                167813  1
pcmcia                 29025  2
ipt_REJECT              5569  1
ipt_state               1857  2
ip_conntrack           41497  1 ipt_state
iptable_filter          2881  1
ip_tables              19521  3 ipt_REJECT,ipt_state,iptable_filter
video                  15941  0
button                  6609  0
battery                 9413  0
ac                      4805  0
md5                     4033  1
ipv6                  268097  10
ohci1394               41353  0
ieee1394              304441  1 ohci1394
yenta_socket           21449  1
rsrc_nonstatic         12737  1 yenta_socket
pcmcia_core            50909  3 pcmcia,yenta_socket,rsrc_nonstatic
ohci_hcd               26849  0
shpchp                 94405  0
i2c_ali1535             7365  0
i2c_core               21569  1 i2c_ali1535
snd_ali5451            28933  1
snd_ac97_codec         75961  1 snd_ali5451
snd_seq_dummy           3653  0
snd_seq_oss            37057  0
snd_seq_midi_event      9153  1 snd_seq_oss
snd_seq                62289  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device          8781  3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss            51185  0
snd_mixer_oss          17857  1 snd_pcm_oss
snd_pcm               100169  3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
snd_timer              33605  2 snd_seq,snd_pcm
snd                    57157  11 snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
soundcore              10913  1 snd
snd_page_alloc          9669  1 snd_pcm
natsemi                34849  0
floppy                 65269  0
joydev                  9601  0
dm_snapshot            17413  0
dm_zero                 2113  0
dm_mirror              26029  0
ext3                  132553  2
jbd                    86233  1 ext3
dm_mod                 58101  6 dm_snapshot,dm_zero,dm_mirror
3. [root@thyrsus-laptop ~]# /sbin/losetup -e blowfish /dev/loop0 /var/local/cdata
/var/local/cdata: Permission denied
 

Actual Results:  /var/local/cdata: Permission denied


Expected Results:  Password:

(prompt for password)

Additional info:

This worked in Fedora Core 2 and Fedora Core 3; if I had to bet, I'd put money on it being a problem with the default (targeted, right?) SELinux configuration.  However, there are no messages corresponding to the event in /var/log/messages, where, at least at one point, SELinux audit messages were sent.  If there is some sort of logging I can turn on, I'll be happy to do so.  An strace of the losetup process contains the line:

open("/var/local/cdata", O_RDWR|O_LARGEFILE) = -1 EACCES (Permission denied)

Comment 1 Nils Toedtmann 2005-06-20 12:58:06 UTC
I can confirm this bug. Upgraded from FC3 to FC4 and have had to "setenforce 0"
since then for loopback mounts.

I have moved the image file around the filesystem and did 

  setfiles /etc/selinux/targeted/contexts/files/file_contexts $imagefile

but it did not help. Tried to find a valid security context ("chcon") for the
image file but failed. Always got something like

  avc: denied ... comm="losetup" ... scontext=root:system_r:fsadm_t tcontext=...
tclass=file

Using FC4, 2.6.11-1.1369_FC4xen0, util-linux-2.12p-9.5,
selinux-policy-targeted-1.23.16-6
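
Added example (not part of the bug report or of any Fedora tooling): root getting EACCES on a root-owned file, as in the strace above, points at SELinux rather than file modes, and the AVC records name the denied domain, target type and permissions. The log lines below are constructed in the 2.6-era kernel format; only `comm="losetup"` and `scontext=root:system_r:fsadm_t` come from comment 1, while the `tcontext`, pids and inode values are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not taken from the bug report).
SAMPLE_LOG = """\
Jun 20 12:50:01 host kernel: audit(1119271801.101:0): avc:  denied  { read write } for  pid=4211 comm="losetup" name="cdata" dev=hda2 ino=98311 scontext=root:system_r:fsadm_t tcontext=root:object_r:var_t tclass=file
Jun 20 12:50:09 host kernel: audit(1119271809.440:0): avc:  denied  { read } for  pid=4230 comm="losetup" name="cdata" dev=hda2 ino=98311 scontext=root:system_r:fsadm_t tcontext=root:object_r:var_t tclass=file
Jun 20 12:51:30 host kernel: audit(1119271890.007:0): avc:  granted  { setenforce } for  pid=4302 comm="setenforce" scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Jun 20 12:52:00 host crond[900]: (root) CMD (run-parts /etc/cron.hourly)
"""

AVC_RE = re.compile(
    r'avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    fields["verdict"] = m.group("verdict")
    fields["perms"] = m.group("perms").split()
    return fields


def summarize_denials(log_text, comm=None):
    """Group denials by (comm, source type, target type, class), merging permissions."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if not avc or avc["verdict"] != "denied":
            continue
        if comm and avc.get("comm") != comm:
            continue
        if "scontext" not in avc or "tcontext" not in avc:
            continue  # truncated record, nothing to attribute
        # A context is user:role:type[:level]; policy rules key on the type field.
        src_type = avc["scontext"].split(":")[2]
        tgt_type = avc["tcontext"].split(":")[2]
        key = (avc.get("comm"), src_type, tgt_type, avc.get("tclass"))
        summary[key].update(avc["perms"])
    return {k: sorted(v) for k, v in summary.items()}


if __name__ == "__main__":
    for (comm, src, tgt, cls), perms in summarize_denials(SAMPLE_LOG, "losetup").items():
        print(f"{comm}: domain {src} denied {{ {' '.join(perms)} }} on {tgt}:{cls}")
```

The merged tuple shows which domain-to-type access the loaded policy lacks, which is the information needed to compare one selinux-policy-targeted release against another.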

Comment 2 Nils Toedtmann 2005-06-20 13:04:00 UTC
Bug #160859 is a duplicate of this. It has a good summary line.

Comment 3 Nils Toedtmann 2005-06-20 13:12:26 UTC
xen does not work on image files because of this bug. "xm create" fails when
xend tries to assign a /dev/loop* to the imagefile. But when I do

  setenforce 0
  losetup /dev/loop0 /home/xen/domain1-rootfs
  setenforce 1
  xm create domain1

it works.

Comment 4 Nils Toedtmann 2005-06-21 09:18:02 UTC
An upgrade to selinux-policy-targeted-1.23.18-12 resolved this issue for me. Now
I can do "losetup" and "mount -o loop" again.

Unfortunately, xen's "xm create" still does not work. Will open xen bug entry
for this.

Comment 5 Nils Toedtmann 2005-06-21 09:57:07 UTC
See bug #161195.

Comment 6 Stephen P. Schaefer 2005-06-23 12:50:50 UTC
I ran up2date last night, bringing in selinux-policy-targeted-1.23.18-12, and
this is working as I'd like.  I'd be happy to see this declared resolved.  The
form would seem to allow me to do that, but I'm not familiar enough with the QA
requirements to feel comfortable doing that.  I haven't (yet) tried xen.


Comment 7 Karel Zak 2005-06-29 09:22:09 UTC
Thanks for your feedback.

