SELinux: running semodule -DB fails with "file_contexts: line X is missing fields, skipping" #305

Closed
margamanterola opened this issue Dec 21, 2020 · 3 comments · Fixed by flatcar-archive/coreos-overlay#1048
Labels
kind/bug Something isn't working

Comments

@margamanterola
Contributor

Description

When trying to run semodule -DB before enabling enforcing mode in SELinux, a lot of errors like the following are printed:

/etc/selinux/mcs/contexts/files/file_contexts:  line 1 is missing fields, skipping
(...)
/etc/selinux/mcs/contexts/files/file_contexts:  line 1466 is missing fields, skipping
/etc/selinux/mcs/contexts/files/file_contexts.homedirs:  line 13 is missing fields, skipping
(...)
/etc/selinux/mcs/contexts/files/file_contexts.homedirs:  line 37 is missing fields, skipping

Impact

I'm not sure. I don't know if this means SELinux is using no contexts or if it's using some default contexts. Needs further investigation.

Environment and steps to reproduce

  1. Set-up: a Flatcar Container Linux machine, with the latest stable release (2605.10.0)
  2. Task: Trying to rebuild the SELinux module policy
  3. Action(s): First, the relevant selinux directories in /etc and /var need to be made writable:
     sudo rm /var/lib/selinux
     sudo cp -a /usr/lib/selinux/policy /var/lib/selinux
     sudo rm /etc/selinux/mcs
     sudo cp -a /usr/lib/selinux/mcs /etc/selinux
  4. Error: [describe the error that was triggered]

Running semodule -DB will fail with the above mentioned errors.

Additional information

The mentioned files are generated by the command itself in a step before trying to parse them. I tried modifying the files manually to see what happened, and my changes got overwritten by the semodule command (this part is working as intended, as far as I understand, the actual contents come from /lib which is in the read-only file system).

Apparently, the contents generated by the command in one step are not parsed correctly in the following step.

This is where the error is generated, if there aren't two fields when reading the files:
https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/label_media.c#L50
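
An offline triage aid for the two-field check described above, added here as an example; it is not part of the original issue and is not libselinux code. It lists the lines of a contexts file that have fewer than two whitespace-separated fields. The function names, the skipping of blank and `#` comment lines, and the sample data are assumptions made for illustration.

```python
import io
import sys

# Constructed sample input, not taken from a Flatcar image.
SAMPLE = (
    b"# constructed sample\n"                              # 1: comment, ignored
    b"/etc(/.*)?\tsystem_u:object_r:etc_t:s0\n"            # 2: two fields
    b"/usr/bin/example\t--\tsystem_u:object_r:bin_t:s0\n"  # 3: three fields
    b"/orphan/path\n"                                      # 4: path without a context
    b"\n"                                                  # 5: blank, ignored
    b"   system_u:object_r:etc_t:s0\n"                     # 6: context without a path
    b"/var/\xff(/.*)?  system_u:object_r:var_t:s0\n"       # 7: stray non-UTF-8 byte
)


def missing_field_lines(stream, min_fields=2):
    """Return 1-based numbers of lines with fewer than min_fields fields.

    Assumption: blank lines and '#' comments are skipped, not reported.
    """
    flagged = []
    for lineno, raw in enumerate(stream, start=1):
        # Decode leniently so an unexpected byte cannot abort the scan.
        line = raw.decode("utf-8", errors="replace").strip()
        if not line or line.startswith("#"):
            continue
        if len(line.split()) < min_fields:
            flagged.append(lineno)
    return flagged


def scan_bytes(data):
    """Convenience wrapper: run the check over an in-memory byte string."""
    return missing_field_lines(io.BytesIO(data))


def report(path, flagged):
    """Format findings in the same shape as the messages quoted in the issue."""
    return [f"{path}:  line {n} is missing fields, skipping" for n in flagged]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print("\n".join(report(path, missing_field_lines(fh))))
    else:
        print("\n".join(report("<constructed sample>", scan_bytes(SAMPLE))))
```

If this reports no lines for a file that semodule complains about on every line, the file contents are probably not what the failing parser expects, rather than individual entries being malformed.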

@margamanterola margamanterola added the kind/bug Something isn't working label Dec 21, 2020
@margamanterola
Contributor Author

I tried with 2605.8.0 and with 2512.4.0 and got the same errors, so this is not a recent regression.

@agiterman1

Still not working on 2905.2.4.
Sample output:

/etc/selinux/mcs/contexts/files/file_contexts: line 1 is missing fields, skipping
/etc/selinux/mcs/contexts/files/file_contexts: line 2 is missing fields, skipping
/etc/selinux/mcs/contexts/files/file_contexts: line 3 is missing fields, skipping

@tormath1
Contributor

Hi @agiterman1; the SELinux upgrade did not land yet on stable. It should be available in the middle of Oct., after the next stable release maintenance - it's in beta and alpha if you want to give it a try.
