Bug 170057 - OpenAFS on RHEL 4 Update 2
Summary: OpenAFS on RHEL 4 Update 2
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
Blocks: 168429
TreeView+ depends on / blocked
Reported: 2005-10-06 21:08 UTC by Jack Neely
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2006-03-07 18:11:51 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2006:0049 qe-ready SHIPPED_LIVE selinux-policy bug fix update 2006-03-06 05:00:00 UTC

Description Jack Neely 2005-10-06 21:08:41 UTC
Description of problem:
After rebuilding OpenAFS to work on 2.6.9-22.EL after upgrading to U2 SELinux
will not allow the AFS daemons to mount /afs.

[root@rk-test4 ~]# service afs start
Loading AFS kernel module:  Found system call table at 0xc0359540 (pattern scan)
                                                          [  OK  ]
Starting AFS client: Starting AFS cache scan...Memory cache: Allocating 800
dcache entries...found 0 non-empty cache files (0%).
audit(1128631218.616:4): avc:  denied  { mount } for  pid=3524 comm="afsd"
name="/" dev=afs ino=0 scontext=root:system_r:initrc_t
tcontext=system_u:object_r:unlabeled_t tclass=filesystem
WARM shutting down of: CB... afs... BkG... CTrunc... AFSDB... RxEvent...
UnmaskRxkSignals... RxListener...
afsd: All AFS daemons started.
afsd: All AFS daemons started.
afsd: Can't mount AFS on /afs(13)

Nor will SELinux allow afsd to unmount itself at shutdown.

Let me know if I need to post some OpenAFS RPMs.

Version-Release number of selected component (if applicable):
RHEL 4 Update 2

How reproducible:
Reproduced on: i386, x86_64

Comment 1 Daniel Walsh 2005-10-06 21:44:46 UTC
You can either make some minor changes to policy to allow afs or grab a
pre-release of U3 policy from



Install selinux-targeted-policy-sources and add this to 


allow initrc_t unlabeled_t:filesystem *;
genfscon afs /                          system_u:object_r:nfs_t

Comment 2 Daniel Walsh 2005-10-06 21:46:43 UTC
Fixed in selinux-policy-targeted-

Comment 7 Red Hat Bugzilla 2006-03-07 18:11:51 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.