/usr/bin/install hangs, apparently due to SELinux
Posted
by
Cooper
on Server Fault
See other posts from Server Fault
or by Cooper
Published on 2011-02-16T20:01:42Z
Indexed on
2011/02/17
15:26 UTC
Read the original article
Hit count: 285
I'm trying to use the GNU coreutils install utility, however it is hanging:
/usr/bin/install -v test_file test_dir/
`test_file' -> `test_dir/test_file
I see the same behavior whether I run as a normal user, or root/sudo.
I ran an strace -f
, and this is the end of the output:
...
read(4, "<username>\t-d\tsystem_u:object_r:ho"..., 4096) = 2197 <0.000012>
brk(0x6e3b1000) = 0x6e3b1000 <0.000009>
mmap(NULL, 29138944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2abd831ae000 <0.000014>
munmap(0x2abd815dd000, 29138944) = 0 <0.003466>
The read() is reading from /etc/selinux/targeted/contexts/files/file_contexts.homedirs
, apparently successfully. It appears that the process is hanging right after the munmap, but continues to eat 100% CPU.
My two questions are:
1) Any good way to see what is going on with the process? I'm currently too lazy to compile a debug version of install
I can run gdb
on - but a strong suggestion in an answer here may motivate me to do so if needed.
2) Any idea what the SELinux issue could be? I'm not too familiar with SELinux.
Additional info of possible relevance:
# ls -Z
drwxr-xr-x my_user 7001 user_u:object_r:user_home_t test_dir
-rw-r--r-- my_user 7001 user_u:object_r:user_home_t test_file
# id
... context=user_u:system_r:unconfined_t
# uname -a
Linux hostname 2.6.18-238.1.1.el5 #1 SMP Tue Jan 4 13:32:19 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
I am suspicious that SELinux + Quest Authentication Services (QAS) is causing the issue. QAS is generally well behaved, but it did cause the /etc/selinux/targeted/contexts/files/file_contexts.homedirs
to get quite large (~18k users, @23 lines per user)
Update: install -v -Z user_u:object_r:user_home_t file dir/
seems to work. Can anyone suggest why, given that SELinux is in permissive mode (see comments).
© Server Fault or respective owner