OK... running Rawhide as of this morning, strict policy in permissive mode - so selinux *shouldn't* kill anything off.

I start off as a user, and then 'su' to root. I'm running with:

    # id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=valdis:staff_r:staff_t
    # ls -lZ `tty`
    crw------- valdis valdis valdis:object_r:staff_devpts_t /dev/pts/0

If I do 'more /etc/passwd /etc/group', it works fine (any two files is OK, or any single file over 1 screen long).

Then I 'newrole -r sysadm_r'..

    # id
    uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=valdis:sysadm_r:sysadm_t
    # ls -lZ `tty`
    crw------- valdis valdis valdis:object_r:sysadm_devpts_t /dev/pts/0

Now if I try to 'more' anything that's more than one screen, it just silently exits after the first screen/file/etc.

Some poking with strace indicates that when it fails, we have this:

    getcwd("/home/valdis", 4098) = 13
    write(1, "\33[7m--More--(Next file: /etc/gro"..., 40)) = 40
    read(2, 0xbfa266c7, 1) = -1 EBADF (Bad file descriptor)
    ioctl(2, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0
    ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0) = 4
    exit_group(0) = ?

while the working case has:

    getcwd("/home/valdis", 4098) = 13
    write(1, "\33[7m--More--(Next file: /etc/gro"..., 40)) = 40
    read(2, "\n", 1) = 1

The problem is in newrole.c, where we do this:

    fd = open(ttyn,O_WRONLY);

to open fd2. Now, should this be fixed to O_RDWR, or should 'more' be fixed to read off stdin rather than stderr?
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
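The EBADF in the failing strace can be reproduced outside newrole. The following is an added example, not part of the original post and not code from newrole or more: it opens a device write-only and read-write and attempts the same 1-byte read, and shows a fcntl(F_GETFL) check for whether a descriptor such as fd 2 is readable. The helper names fd_is_readable and probe_read are hypothetical, and /dev/null stands in for the tty so it runs without a terminal.

```c
/* Added example (not from newrole.c or more); helper names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* 1 if fd's access mode allows read(), 0 if it is write-only, -1 on error. */
int fd_is_readable(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    if (fl == -1)
        return -1;
    return (fl & O_ACCMODE) != O_WRONLY;
}

/* Open path with the given access mode and attempt the same 1-byte read()
 * that more issues on fd 2. Returns 0 if read() did not fail, else errno. */
int probe_read(const char *path, int accmode)
{
    char c;
    int err = 0;
    int fd = open(path, accmode | O_NOCTTY);
    if (fd == -1)
        return errno;
    if (read(fd, &c, 1) == -1)
        err = errno;
    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    /* Pass the output of `tty` to test a real terminal (the O_RDWR read then
     * waits for Enter); /dev/null is the default so this runs anywhere. */
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    int e;

    e = probe_read(path, O_WRONLY);   /* how newrole.c opens the tty */
    printf("O_WRONLY: read -> %s\n", e ? strerror(e) : "ok");
    e = probe_read(path, O_RDWR);     /* the change proposed in the post */
    printf("O_RDWR:   read -> %s\n", e ? strerror(e) : "ok");
    printf("fd 2 readable in this process: %d\n", fd_is_readable(2));
    return 0;
}
```

Run inside a shell started by the affected newrole, the last line reports whether the inherited fd 2 is write-only.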