Description of problem: mount and umount cause auditd errors to be displayed on the console. Version-Release number of selected component (if applicable): laus-0.1-66RHEL3 How reproducible: 100% Steps to Reproduce: 1. mount or umount an nfs dir 2. 3. Actual results: audit(1142217702.244:6): avc: denied { search } for pid=2690 comm="hald" name="home" dev=dm-0 ino=11272193 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir Expected results: mount and umount are fairly common commands -- should we really be pumping error messages everytime we mount a filesystem?
Audit system just collects problems similar to syslog collects error messages. The source of the problem seems to be a policy issue. Which SE Linux policy are you running?
I'm running rawhide-latest, selinux-policy-2.2.23-15 selinux-policy-targeted-2.2.23-15
Why is hal searching the home dir when a user does a mount?
Yes, we do search for a file ".created-by-hal" when a file system is unmounted. We don't check for this when things are mounted. We ought to restrict this check to 1. When something is unmounted from "/media" 2. Only check if hal knew about this device I will make this change upstream. So I guess what you're seeing is that someone mounted something in their home directory and then unmounted it. Prarit, can you confirm this?
>So I guess what you're seeing is that someone mounted something in their home directory and then unmounted it. Prarit, can you confirm this? Yep, that's what I was doing. P.
This is no longer occurring in the latest rawhide tree 20060919. P.