Bug 170057 - OpenAFS on RHEL 4 Update 2
OpenAFS on RHEL 4 Update 2
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
Blocks: 168429
  Show dependency treegraph
Reported: 2005-10-06 17:08 EDT by Jack Neely
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2006-0049
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-07 13:11:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jack Neely 2005-10-06 17:08:41 EDT
Description of problem:
After rebuilding OpenAFS to work on 2.6.9-22.EL after upgrading to U2 SELinux
will not allow the AFS daemons to mount /afs.

[root@rk-test4 ~]# service afs start
Loading AFS kernel module:  Found system call table at 0xc0359540 (pattern scan)
                                                          [  OK  ]
Starting AFS client: Starting AFS cache scan...Memory cache: Allocating 800
dcache entries...found 0 non-empty cache files (0%).
audit(1128631218.616:4): avc:  denied  { mount } for  pid=3524 comm="afsd"
name="/" dev=afs ino=0 scontext=root:system_r:initrc_t
tcontext=system_u:object_r:unlabeled_t tclass=filesystem
WARM shutting down of: CB... afs... BkG... CTrunc... AFSDB... RxEvent...
UnmaskRxkSignals... RxListener...
afsd: All AFS daemons started.
afsd: All AFS daemons started.
afsd: Can't mount AFS on /afs(13)

Nor will SELinux allow afsd to unmount itself at shutdown.

Let me know if I need to post some OpenAFS RPMs.

Version-Release number of selected component (if applicable):
RHEL 4 Update 2

How reproducible:
Reproduced on: i386, x86_64
Comment 1 Daniel Walsh 2005-10-06 17:44:46 EDT
You can either make some minor changes to policy to allow afs or grab a
pre-release of U3 policy from



Install selinux-targeted-policy-sources and add this to 


allow initrc_t unlabeled_t:filesystem *;
genfscon afs /                          system_u:object_r:nfs_t
Comment 2 Daniel Walsh 2005-10-06 17:46:43 EDT
Fixed in selinux-policy-targeted-
Comment 7 Red Hat Bugzilla 2006-03-07 13:11:51 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.