Bug 1499760

Summary: gvfs-udisks2-volume-monitor generates huge amount of audit log with access denied messages
Product: Red Hat Enterprise Linux 7 Reporter: Dmitry Zhukovski <dzhukous>
Component: util-linuxAssignee: Karel Zak <kzak>
Status: CLOSED ERRATA QA Contact: Radka Brychtova <rskvaril>
Severity: medium Docs Contact:
Priority: urgent    
Version: 7.4CC: bxue, dzhukous, fkrska, fsumsal, jherrman, rskvaril, xzhou, zlang
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: util-linux-2.23.2-48.el7 Doc Type: Bug Fix
Doc Text:
Previously, using the "gvfs-udisks2-volume-monitor" command in some cases generated a large amount of audit logs with "access denied" error messages. With this update, the checks for write access to the private library files that the libmount library performs have been adjusted to prevent the error messages from appearing.
 Story Points: ---
Clone Of:
: 1506533 (view as bug list) Environment:
Last Closed: 2018-04-10 17:27:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1506533    

Description Dmitry Zhukovski 2017-10-09 10:55:44 UTC 
Description of problem:
gvfs-udisks2-volume-monitor generates huge amount of audit log with access denied messages

Version-Release number of selected component (if applicable):
util-linux-2.23.2-43.el7.x86_64

How reproducible:
everytime

Steps to Reproduce:
1. run strace -p <gvfs-udisks2-volume-monitor> ; access some automount's path via /net/ip/share
OR 
1. sudo strace mount some path
2. 
3.

Actual results:
mount happens but also audit triggers huge about of audit logs on failed CheckFileAccess of accessing of /run/mount/utab

Expected results:
no audit logs produced due to cech of access file permissions

Additional info:
Comment 4 Karel Zak 2017-10-09 14:16:23 UTC 
Yes, open() is probably overkill to test write access to the utab file. It seems eaccess() would be better.
Comment 13 Dmitry Zhukovski 2017-11-07 07:56:30 UTC 
Radka - you have to have SElinux enabled and then boot desktop and try to search and mount some samba share for example. you should get tons of those messages.

Re testing. Yes - customer successfully tested both 7.5 and 7.4.z fix and has got approved interim hotfix for 7.4.z
Comment 16 Karel Zak 2017-11-08 14:31:09 UTC 
*** Bug 1510976 has been marked as a duplicate of this bug. ***
Comment 21 errata-xmlrpc 2018-04-10 17:27:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0936