Bug 253672
Summary: | smbclient causes AVC denied messages | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ken Reilly <kreilly> | ||||
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 7 | CC: | pigetak178, ssorce | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Current | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-01-30 19:05:43 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Pete Graner
2007-08-21 05:17:01 UTC
Created attachment 161947 [details]
setroubleshooter output
I guess there should be a transition rule to go from automount_t to bin_t ? What I don't get is why auto.smb should run smbclient, I'd expect mount.smbfs or mount.cifs ... It does, But first it runs smbclient to find all the shares exported from the remote machine, Then it mounts them all. At least that is what the automount guys have explained. No transition necessary, I just needed to allow automount to read the samba_var_t and samba_etc_t files. smbclient does not currently have a domain. bin_t is for domains executables that will be run without a transition. Fixed in selinux-policy-2.6.4-40 Straight autofs mount of CIFS type filesystems causes AVC messages: Sep 15 14:02:55 yorky kernel: audit(1189879375.793:9): avc: denied { read } for pid=16802 comm="mount.cifs" name="hosts" dev=dm-0 ino=3604493 scontext=user_u:system_r:mount_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file /etc/auto.master contains: /misc /etc/auto.misc --timeout=60 /etc/auto.misc contains: k -fstype=cifs,rw,dom=Enterprise,user=me,pass=myPwd ://nmrfs2/common Mount does work. Oops. Am running latested policy: /home/dmobrien: rpm -q selinux-policy selinux-policy-2.6.4-40.fc7 This looks like you have a badly labeled hosts file. Something created a hosts file in /tmp and then mv'd it to /etc. I would guess restorecon -V /etc/hosts Yes, that is very likely. I run the Juniper SSL VPN client code to access my work machine, and I believe it does muck about with the /etc/hosts file. /home/dmobrien: sudo restorecon -V /etc/hosts restorecon: invalid option -- V usage: restorecon [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname... ] FYI: /home/dmobrien: ls -lZ /etc/hosts -rw-r--r-- root root user_u:object_r:etc_t /etc/hosts Sorry about that restorecon -v . Anyways there was a hosts file that was not labeled etc_t that was causing the problem. User pgraner's account has been closed Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen. |