Bug 185527

Summary: (u)mount causes hald & avc messages to console
Product: [Fedora] Fedora Reporter: Prarit Bhargava <prarit>
Component: halAssignee: John (J5) Palmieri <johnp>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: davidz, jkeck, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: ia64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-20 11:49:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 163350    

Description Prarit Bhargava 2006-03-15 15:21:14 UTC 
Description of problem: 
 
mount and umount cause auditd errors to be displayed on the console.   
 
Version-Release number of selected component (if applicable): laus-0.1-66RHEL3 
 
How reproducible: 100% 
 
 
Steps to Reproduce: 
1. mount or umount an nfs dir 
2. 
3. 
   
Actual results: 
 
audit(1142217702.244:6): avc:  denied  { search } for  pid=2690 comm="hald" 
name="home" dev=dm-0 ino=11272193 scontext=system_u:system_r:hald_t:s0 
tcontext=system_u:object_r:home_root_t:s0 tclass=dir 
 
Expected results: 
 
mount and umount are fairly common commands -- should we really be pumping 
error messages everytime we mount a filesystem?
Comment 1 Steve Grubb 2006-03-15 15:29:06 UTC 
Audit system just collects problems similar to syslog collects error messages.
The source of the problem seems to be a policy issue. Which SE Linux policy are
you running?
Comment 2 Prarit Bhargava 2006-03-15 15:39:18 UTC 
I'm running rawhide-latest, 
 
selinux-policy-2.2.23-15 
selinux-policy-targeted-2.2.23-15
Comment 3 Daniel Walsh 2006-03-15 16:56:30 UTC 
Why is hal searching the home dir when a user does a mount?
Comment 4 David Zeuthen 2006-03-15 17:14:48 UTC 
Yes, we do search for a file ".created-by-hal" when a file system is unmounted.
We don't check for this when things are mounted.

We ought to restrict this check to

 1. When something is unmounted from "/media" 
 2. Only check if hal knew about this device

I will make this change upstream.

So I guess what you're seeing is that someone mounted something in their home
directory and then unmounted it. Prarit, can you confirm this?
Comment 5 Prarit Bhargava 2006-03-15 18:26:21 UTC 
>So I guess what you're seeing is that someone mounted something in their home 
directory and then unmounted it. Prarit, can you confirm this? 
 
Yep, that's what I was doing. 
 
P.
Comment 6 Prarit Bhargava 2006-09-20 11:49:17 UTC 
This is no longer occurring in the latest rawhide tree 20060919.

P.