Bug 504872
Summary: | SELinux targetted policy blocks VMWare-hgfsmounter from mounting shared disks. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Dmitry Torokhov <dmitry.torokhov> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | BaseOS QE <qe-baseos-auto> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 5.3 | CC: | dwalsh, ebenes, mmalik, ohudlick, pmuller, qmjxjtu, syeghiay |
Target Milestone: | rc | Keywords: | OtherQA |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 238360 | Environment: | |
Last Closed: | 2009-09-02 08:00:44 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dmitry Torokhov
2009-06-09 20:26:40 UTC
Are you seeing this with selinux-policy-2.4.6-244.el5.noarch.rpm which is out on http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/ (In reply to comment #1) > Are you seeing this with selinux-policy-2.4.6-244.el5.noarch.rpm which is out > on > http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/ No selinux denials are seen again after the upgrading. Due to package dependency, I downloaded all the packages from http://people.redhat.com/dwalsh/SELinux/RHEL5/noarch/ and http://people.redhat.com/dwalsh/SELinux/RHEL5/i386/, then I did the upgrading by "rpm -U", then I saw restorecon commands, including the one for vmware-hgfsmounter, which is denied by selinux before the upgrading. ... /sbin/restorecon reset /usr/bin/vmware-config-tools.pl context user_u:object_r:bin_t:s0->system_u:object_r:unconfined_execmem_exec_t:s0 /sbin/restorecon reset /usr/lib/vmware-tools/sbin32 context user_u:object_r:lib_t:s0->system_u:object_r:sbin_t:s0 /sbin/restorecon reset /usr/lib/vmware-tools/sbin32/vmware-modconfig-console-wrapper context user_u:object_r:lib_t:s0->system_u:object_r:sbin_t:s0 /sbin/restorecon reset /usr/lib/vmware-tools/sbin32/vmware-guestd-wrapper context user_u:object_r:lib_t:s0->system_u:object_r:sbin_t:s0 /sbin/restorecon reset /usr/lib/vmware-tools/sbin32/vmware-modconfig-console context user_u:object_r:lib_t:s0->system_u:object_r:sbin_t:s0 /sbin/restorecon reset /usr/lib/vmware-tools/sbin32/vmware-checkvm context user_u:object_r:lib_t:s0->system_u:object_r:sbin_t:s0 /sbin/restorecon reset /usr/lib/vmware-tools/sbin32/vmware-modconfig context user_u:object_r:lib_t:s0->system_u:object_r:sbin_t:s0 /sbin/restorecon reset /usr/lib/vmware-tools/sbin32/vmware-hgfsmounter context user_u:object_r:lib_t:s0->system_u:object_r:sbin_t:s0 .... After that, no selinux alters or denials are seen again when trying to mount hgfs shares. It seems your the new policy fixes the bug. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1242.html |