Description of problem:
At first, I thought of logging this bug in as an selinux bug since testing my strict policy fails on the line "allow rhgb_t etc_t:dir mounton;". However after looking at the log entry below, I wondered if any process, other than some remote workstation process, should have mounton anywhere near /etc.

Apr 28 19:32:54 xix kernel: audit(1114716755.277:0): avc: denied { mounton } for path=/etc/rhgb/temp dev=dm-0 ino=17467378 scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:etc_t tclass=dir

Version-Release number of selected component (if applicable):
rhgb-0.16.2-3

How reproducible:
On Boot

Steps to Reproduce:
1. Set selinux policy to strict and permissive
2. Reboot
3. See /var/log/messages for avc message of rhgb_t accessing /etc/rhgb/temp

Actual results:
rhgb_t attempts to access /etc/rhgb/temp

Expected results:
rhgb_t should access /tmp/rhgb

Additional info:
maybe a strict policy update is required for rhgb
Reassigned to selinux-policy-strict.
/etc/rhgb/temp is mislabeled. Should be mnt_t

restorecon -R -v /etc/rhgb
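Added example, not part of the original report and not code from rhgb or the SELinux policy tools: a small Python parser that turns the AVC denial quoted in this report into the candidate allow rule the reporter mentions, and lists each denied path with its current target type so the label can be reviewed before any rule is accepted. The function names are hypothetical, and the parser assumes whitespace-separated key=value fields as in the quoted log line.

```python
import re
from collections import defaultdict

# The denial quoted in the report, reproduced as sample input.
SAMPLE_LOG = (
    "Apr 28 19:32:54 xix kernel: audit(1114716755.277:0): avc: denied "
    "{ mounton } for path=/etc/rhgb/temp dev=dm-0 ino=17467378 "
    "scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:etc_t "
    "tclass=dir"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def selinux_type(context):
    """The type is the third field of user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC denial; return None for other lines or malformed records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group(2).split() if "=" in tok)
    source = selinux_type(fields.get("scontext", ""))
    target = selinux_type(fields.get("tcontext", ""))
    perms = m.group(1).split()
    if not (source and target and perms and "tclass" in fields):
        return None
    return {"source": source, "target": target, "tclass": fields["tclass"],
            "perms": perms, "path": fields.get("path")}

def allow_rules(lines):
    """Merge denials into one candidate allow rule per (source, target, class)."""
    merged = defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        merged[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        body = next(iter(perms)) if len(perms) == 1 else "{ " + " ".join(sorted(perms)) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

def labels_to_check(lines):
    """Denied paths with their current target type, for review before adding a rule."""
    return sorted({(r["path"], r["target"]) for r in map(parse_avc, lines) if r and r["path"]})

if __name__ == "__main__":
    for rule in allow_rules(SAMPLE_LOG.splitlines()):
        print(rule)
    for path, ttype in labels_to_check(SAMPLE_LOG.splitlines()):
        print(f"check label: {path} is {ttype}")
```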