Bug 188561

Summary: fuse changes security context of /etc/mtab
Product: [Fedora] Fedora Reporter: drago01
Component: fuseAssignee: Peter Lemenkov <lemenkov>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: 5CC: extras-qa
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: fuse-2.6.3-1.fc6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-02-09 11:03:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description drago01 2006-04-11 09:16:40 UTC 
Description of problem:
fuse changes security context of /etc/mtab when it mounts or umounts.
which results in 
audit(1144746982.448:5): avc:  denied  { write } for  pid=3273 comm="mount"
name="mtab" dev=md0 ino=7014388 scontext=system_u:system_r:mount_t:s0
tcontext=user_u:object_r:etc_t:s0 tclass=file
when I try to unmount/mount a usb pen drive.
and I also gets tons of avcs during shutdown.

Version-Release number of selected component (if applicable):
fuse-2.5.2-4.fc5

How reproducible:
always!

Steps to Reproduce:
1. mount anything using fuse (sshfs)
2. umount it,mount a usb pen drive
3. notice avcs
4. shutdown notice tons of avcs.
  
Actual results:
audit(1144746982.448:5): avc:  denied  { write } for  pid=3273 comm="mount"
name="mtab" dev=md0 ino=7014388 scontext=system_u:system_r:mount_t:s0
tcontext=user_u:object_r:etc_t:s0 tclass=file
and no mtab entry for new mounted devices.

Expected results:

it should not change the file context

Additional info:
selinux-policy-2.2.29-3.fc5
selinux-policy-targeted-2.2.29-3.fc5
Comment 1 Yves Perrenoud 2006-07-27 17:49:43 UTC 
I found the problem, fixed it and sent a patch upstream to the fuse-devel
mailing list. fusermount was re-creating /etc/mtab on unmount, but it wasn't
restoring the security context of the old file it was replacing.
Comment 2 drago01 2007-02-09 11:03:44 UTC 
I can confirm that its fixed ;)
Comment 3 Yves Perrenoud 2007-03-26 11:14:02 UTC 
This problem isn't fixed in packages in Extras for FC5 and FC6. Indeed the patch
I submitted upstream has made it into the source used to build the packages, but
the fusermount binary in the rpms built for the Extras repositories, doesn't
contain the fix. The only explanation for that is that the build environment
doesn't include the libselinux and libselinux-devel packages. Hence the
fusermount binary never includes the selinux specific code.

If I rebuild the src rpm as-is, I obtain a fusermount binary that includes the
code and hence solves the problem.

I suggest adding the following to the spec file:

BuildRequires: libselinux, libselinux-devel

This should definitely ensure the problem is solved.