Bug 1499760 – gvfs-udisks2-volume-monitor generates huge amount of audit log with access denied messages

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1499760 - gvfs-udisks2-volume-monitor generates huge amount of audit log with access denied messages

Summary:	gvfs-udisks2-volume-monitor generates huge amount of audit log with access de...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	util-linux (Show other bugs)
Sub Component:
Version:	7.4
Hardware:	x86_64 Linux

Priority	urgent Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	Karel Zak
QA Contact:	Radka Skvarilova
Docs Contact:

URL:
Whiteboard:
Keywords:	ZStream

Duplicates:	1510976 (view as bug list)
Depends On:
Blocks:	1506533
	Show dependency tree / graph

Reported:	2017-10-09 06:55 EDT by Dmitry Zhukovski
Modified:	2018-04-10 13:28 EDT (History)
CC List:	8 users (show)

See Also:
Fixed In Version:	util-linux-2.23.2-48.el7
Doc Type:	Bug Fix
Doc Text:	Previously, using the "gvfs-udisks2-volume-monitor" command in some cases generated a large amount of audit logs with "access denied" error messages. With this update, the checks for write access to the private library files that the libmount library performs have been adjusted to prevent the error messages from appearing.
Story Points:	---
Clone Of:
Clones:	1506533 (view as bug list)
Environment:
Last Closed:	2018-04-10 13:27:15 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0936	None	None	None	2018-04-10 13:28 EDT

Groups: None (edit)

Description Dmitry Zhukovski 2017-10-09 06:55:44 EDT

Description of problem:
gvfs-udisks2-volume-monitor generates huge amount of audit log with access denied messages

Version-Release number of selected component (if applicable):
util-linux-2.23.2-43.el7.x86_64

How reproducible:
everytime

Steps to Reproduce:
1. run strace -p <gvfs-udisks2-volume-monitor> ; access some automount's path via /net/ip/share
OR 
1. sudo strace mount some path
2. 
3.

Actual results:
mount happens but also audit triggers huge about of audit logs on failed CheckFileAccess of accessing of /run/mount/utab

Expected results:
no audit logs produced due to cech of access file permissions

Additional info:

Comment 4 Karel Zak 2017-10-09 10:16:23 EDT

Yes, open() is probably overkill to test write access to the utab file. It seems eaccess() would be better.

Comment 13 Dmitry Zhukovski 2017-11-07 02:56:30 EST

Radka - you have to have SElinux enabled and then boot desktop and try to search and mount some samba share for example. you should get tons of those messages.

Re testing. Yes - customer successfully tested both 7.5 and 7.4.z fix and has got approved interim hotfix for 7.4.z

Comment 16 Karel Zak 2017-11-08 09:31:09 EST

*** Bug 1510976 has been marked as a duplicate of this bug. ***

Comment 21 errata-xmlrpc 2018-04-10 13:27:15 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0936

Note You need to log in before you can comment on or make changes to this bug.