Bug 195989 - failed to automount 3-level directory structure
failed to automount 3-level directory structure
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: autofs (Show other bugs)
5
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Jeff Moyer
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-20 03:11 EDT by M.T
Modified: 2007-11-30 17:11 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-02 08:06:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
nsswitch.conf from nis client (1.74 KB, text/plain)
2006-06-21 09:31 EDT, M.T
no flags Details
autofs from /etc/sysconfig/autofs from nis client (931 bytes, text/plain)
2006-06-21 09:32 EDT, M.T
no flags Details
automaster from AIX NIS master server (57 bytes, text/plain)
2006-06-21 09:33 EDT, M.T
no flags Details
auto.home from AIX NIS master server (85 bytes, text/plain)
2006-06-21 09:33 EDT, M.T
no flags Details
auto.students from AIX NIS master server (40 bytes, text/plain)
2006-06-21 09:34 EDT, M.T
no flags Details

  None (edit)
Description M.T 2006-06-20 03:11:10 EDT
Description of problem:

Failed to automount /home/students/cs through NIS maps
Version-Release number of selected component (if applicable):
Fedora Core 5.0, autofs-4.1.4-25

How reproducible:


Steps to Reproduce:
1.We have configure on our AIX NIS server the auto.master with 
/home/students  /etc/auto.home and we include in the auto.home the line 
cs      -rw,hard,intr   uls:/home/students/cs

 (Pls note that the directory on uls is exported as /home/students/cs, and the
home dir for our user is something like /home/students/cs/<year>/<username>

Our Fedora w/s, give the following errors in /var/log/messages:
Jun 20 09:54:25 cs4034 kernel: audit(1150786465.264:341): avc:  denied  { write
} for  pid=27822 comm="automount" name="home" dev=dm-0 ino=131073
scontext=root:system_r:automount_t:s0 tcontext=system_u:object_r:file_t:s0
tclass=dir
Jun 20 09:54:25 cs4034 automount[27822]: failed to create iautofs directory
/home/students
Jun 20 09:54:25 cs4034 automount[27822]: /home/students: mount failed!



Is there any patch, we can apply to solve this problem?
Comment 1 Ian Kent 2006-06-20 04:15:57 EDT
(In reply to comment #0)
> Steps to Reproduce:
> 1.We have configure on our AIX NIS server the auto.master with 
> /home/students  /etc/auto.home and we include in the auto.home the line 
> cs      -rw,hard,intr   uls:/home/students/cs
> 
>  (Pls note that the directory on uls is exported as /home/students/cs, and the
> home dir for our user is something like /home/students/cs/<year>/<username>
> 
> Our Fedora w/s, give the following errors in /var/log/messages:
> Jun 20 09:54:25 cs4034 kernel: audit(1150786465.264:341): avc:  denied  { write
> } for  pid=27822 comm="automount" name="home" dev=dm-0 ino=131073
> scontext=root:system_r:automount_t:s0 tcontext=system_u:object_r:file_t:s0
> tclass=dir
> Jun 20 09:54:25 cs4034 automount[27822]: failed to create iautofs directory
> /home/students
> Jun 20 09:54:25 cs4034 automount[27822]: /home/students: mount failed!

This looks like one of the selinux problems we've started seeing
lately. Do you have selinux enabled?

Ian
Comment 2 M.T 2006-06-20 05:11:10 EDT
The selinux is already disabled, while the firewall is enabled. Pls note that
automount is working on a 2-level structure i.e /home/<username>
Comment 3 Ian Kent 2006-06-20 06:21:14 EDT
(In reply to comment #2)
> The selinux is already disabled, while the firewall is enabled. Pls note that
> automount is working on a 2-level structure i.e /home/<username>

That shouldn't be a problem and that message looks like an selinux
message.

Ian
Comment 4 M.T 2006-06-20 06:34:07 EDT
So, are you working on a patch? Is there anything we can do, to bypass the problem?
Comment 5 Ian Kent 2006-06-20 06:56:19 EDT
(In reply to comment #4)
> So, are you working on a patch? Is there anything we can do, to bypass the
problem?

I wasn't working on a patch as I think this is due to selinux.
However, I put together a small test program using the mkdir_path
subroutine from autofs and I can confirm that it works as expected
as it has done for years.

But selinux seems to think there's something wrong, obviously.
So I'm thinking that we might try a patch to change the directory
create mask from 0555 to 0755 and see if selinux likes that.

But let me check that won't compromise autofs before we go ahead.
From memory the autofs4 filesystem will only allow the daemon to
carry operations regardless of mode.

Are you willing to give this a try.

Ian

Comment 6 M.T 2006-06-20 09:12:07 EDT
Yes of course. Just tell me exactly what do you want to test
Comment 7 Jeff Moyer 2006-06-20 10:23:59 EDT
I don't believe that selinux was turned off, since we're getting avc denied
messages.  I also don't believe that the right course of action is to disable
selinux.  This looks to be a labeling problem;  run 'touch /.autorelabel' and
reboot the machine.  Please let us know if this resolves the issue.

Thanks!
Comment 8 M.T 2006-06-21 04:28:19 EDT
Yes, it is working!!! Many thanks for the help. 
So, what is the problem?Is it a bug? and what it the .autorelabel file?
Comment 9 M.T 2006-06-21 07:04:42 EDT
BUT.....

I have configure 2 mount points. /home/students/cs and /home/support. It seems
that the 2nd one is not working anymore. If i execute service autofs status, i get
Configured Mount Points:
------------------------
/usr/sbin/automount --timeout=60 /home/students yp auto.students

Active Mount Points:
--------------------
/usr/sbin/automount --timeout=60 /home/students yp auto.students


while i execute ypcat -k auto.master, i get 
/home/students /etc/auto.students
/home /etc/auto.home

with the command ypcat -k auto.students i get 
cs -rw,hard,intr        uls:/home/students/cs

and with the command ypcat -k auto.home i get
research -rw,hard,intr  nas200:/research
support -rw,hard,intr   csfs3:/home/support

How can I solve this problem?
Comment 10 Jeff Moyer 2006-06-21 09:08:17 EDT
>Configured Mount Points:
>------------------------
>/usr/sbin/automount --timeout=60 /home/students yp auto.students

>while i execute ypcat -k auto.master, i get 
>/home/students /etc/auto.students
>/home /etc/auto.home

OK, this is just plain wrong.  autofs should be treating this as a file map. 
When the entry is a full path name, there is no reason to consult nsswitch.conf.

Can you please provide the following files:

/etc/nsswitch.conf
/etc/sysconfig/autofs
/etc/auto.master
/etc/auto.home
/etc/auto.students

Thanks.

-Jeff
Comment 11 M.T 2006-06-21 09:31:24 EDT
Created attachment 131276 [details]
nsswitch.conf from nis client
Comment 12 M.T 2006-06-21 09:32:18 EDT
Created attachment 131277 [details]
autofs from /etc/sysconfig/autofs from nis client
Comment 13 M.T 2006-06-21 09:33:13 EDT
Created attachment 131278 [details]
automaster from AIX NIS master server
Comment 14 M.T 2006-06-21 09:33:55 EDT
Created attachment 131279 [details]
auto.home from AIX NIS master server
Comment 15 M.T 2006-06-21 09:34:40 EDT
Created attachment 131280 [details]
auto.students from AIX NIS master server
Comment 16 M.T 2006-06-21 09:37:16 EDT
Please find attached the required files
Comment 17 Jeff Moyer 2006-06-21 09:44:59 EDT
I'm sorry, I just realized I didn't answer your question from above:

> So, what is the problem?Is it a bug? and what it the .autorelabel file?

/.autorelabel tells the system to perform a file relabel on the next boot.  It
turns out that the label on /home was incorrect, which was keeping us from
creating a directory under it.  I don't know how it became incorrect, unfortunately.

So, for that particular instance, SELinux would not allow autofs to "write" (in
this case, mkdir) to an object of type system_u:object_r:file_t.  That part is
likely not an autofs bug.

Of course, now we need to figure out why autofs isn't recognizing both of your
entries in auto.master.

Thanks for your quick responses!

-Jeff
Comment 18 Ian Kent 2006-06-21 10:32:13 EDT
(In reply to comment #9)
> I have configure 2 mount points. /home/students/cs and /home/support. It seems
> that the 2nd one is not working anymore. If i execute service autofs status, i get
> Configured Mount Points:
> ------------------------
> /usr/sbin/automount --timeout=60 /home/students yp auto.students
> 
> Active Mount Points:
> --------------------
> /usr/sbin/automount --timeout=60 /home/students yp auto.students
> 
> 
> while i execute ypcat -k auto.master, i get 
> /home/students /etc/auto.students
> /home /etc/auto.home

You can't nest seperate autofs mounts.
You must find a way to turn this into a multi-mount
map if you wish to use it this way.

Ian
Comment 19 Jeff Moyer 2006-06-21 11:00:12 EDT
Wow, how did I miss that?

Please let us know if you need help defining the multi-mount map.

Thanks.
Comment 20 M.T 2006-06-22 07:29:53 EDT
Well I think i need help. I have tried to include the following on our AIX NIS
master server: in auto.master I add the following 
/home  /etc/auto.home
and in the /etc/auto.home I include
home    csfs3:/home/support uls:/home/students/cs

In /var/log/messages, I got the entries : 
Jun 22 12:36:02 cs4042 kernel: SELinux: initialized (dev autofs, type autofs),
uses genfs_contexts
Jun 22 12:36:02 cs4042 automount[2708]: bad map format: found indirect, expected
direct exiting

I couldn´t find what was wrong with my set-up. Can  multi-point map  be
supported by AIX ver4.3.3 ?

And I have one more question. The file .autorelabel is disappeared after
rebooting the system. Is this correct, or do I have to change sth on permissions?


Comment 21 Ian Kent 2006-06-22 09:26:04 EDT
(In reply to comment #20)
> Well I think i need help. I have tried to include the following on our AIX NIS
> master server: in auto.master I add the following 
> /home  /etc/auto.home
> and in the /etc/auto.home I include
> home    csfs3:/home/support uls:/home/students/cs
> 
> In /var/log/messages, I got the entries : 
> Jun 22 12:36:02 cs4042 kernel: SELinux: initialized (dev autofs, type autofs),
> uses genfs_contexts
> Jun 22 12:36:02 cs4042 automount[2708]: bad map format: found indirect, expected
> direct exiting
> 

I don't think that's message is a problem. I've seen them many
times.

I'm having trouble understanding how AIX comes into this as you
are using local maps in /etc.

I also don't understand the reasoning behind what you've put in
the map.

I would try something like:

/home  /etc/auto.home

in auto.master (that's fine) and presumably you have other
keys in /etc/auto.home like:

key1   server:/mount/point

so just add:

students   -fdtype=autofs  /etc/auto.students

and see how it goes.

I think you might have to explain to us how you believe the
setup you have works with examples of the maps if we need to
help you with it.

Ian



Comment 22 Jeff Moyer 2006-06-22 09:30:04 EDT
> students   -fdtype=autofs  /etc/auto.students

"fdtype" should be "fstype"
Comment 23 M.T 2006-06-23 03:45:29 EDT
Well, as I have explained in my previous emails that we need to setup NIS
automount. So on our AIX NIS master server we have setup the /etc/auto.master
and the  /etc/auto.home
In the auto.master (on NIS server)
/home  /etc/auto.home
and in the /etc/auto.home (on NIS)I include
home    csfs3:/home/support uls:/home/students/cs.
On our linux client, I execute the command
ypcat -k auto.master and I get 
/home /etc/auto.home and with the command
ypcat -k auto.home I get
home csfs3:/home/support uls:/home/students/cs
and with the command 
[root@cs4042 /]# ypcat -k auto.home I get 
home csfs3:/home/support uls:/home/students/cs

Comment 24 Ian Kent 2006-06-23 06:56:10 EDT
(In reply to comment #23)
> Well, as I have explained in my previous emails that we need to setup NIS
> automount. So on our AIX NIS master server we have setup the /etc/auto.master
> and the  /etc/auto.home

Sure, but I think your configuration is not quite right so I
needed to be clear on how you think this should work.

> In the auto.master (on NIS server)
> /home  /etc/auto.home

OK. So all you clients will get the map information for autofs
mount point /home from their own local file /etc/auto.home.

> and in the /etc/auto.home (on NIS)I include
> home    csfs3:/home/support uls:/home/students/cs.

OK. So this says that when the map key "home" is accessed
it will choose betwwen either ecsfs3:/home/support or
uls:/home/students/cs (assuming the "." is not part of it),
which ever is available and that will be mounted on /home/home.

> On our linux client, I execute the command
> ypcat -k auto.master and I get 
> /home /etc/auto.home and with the command

We don't know what this will do because you haven't specified
what's in /etc/auto.home on the client.

> ypcat -k auto.home I get
> home csfs3:/home/support uls:/home/students/cs
> and with the command 
> [root@cs4042 /]# ypcat -k auto.home I get 
> home csfs3:/home/support uls:/home/students/cs

And, as above, probably not what you actually want but then
it's not referenced on your clients so it doesn't yet matter.

Like I said, I don't think you configuration is quite right but
perhaps I'm missing something.

Ian


> 
> 

Comment 25 M.T 2006-06-23 07:10:19 EDT
> In the auto.master (on NIS server)
> /home  /etc/auto.home

>OK. So all you clients will get the map information for autofs
>mount point /home from their own local file /etc/auto.home.

No, they will get it from nis server, - this is how you configure it on nis server.

On our clients, I have comment out all the lines in /etc/auto.master, and there
is no /etc/auto.home or /etc/auto.students. All the info for autofs will be
published by nis, through nis maps (and of course we run nis client, on our
linux clients)

The user´s home directory it depends on user´s status. If the user belongs to
the support group, the home dir should be /home/support/<username>, if the user
belongs to the students group the home dir should be sth like
/home/students/cs/<year>/<username>
Comment 26 Ian Kent 2006-06-23 07:17:11 EDT
(In reply to comment #25)
> > In the auto.master (on NIS server)
> > /home  /etc/auto.home
> 
> >OK. So all you clients will get the map information for autofs
> >mount point /home from their own local file /etc/auto.home.
> 
> No, they will get it from nis server, - this is how you configure it on nis
server.
> 

Ok. So lets just focus on this.

As far as I know this configuration will not get it's map
information from the NIS server. Unless there's something that
you've missed or that your not telling me that's the way it is
whether its AIX, Solaris, IRIX or Linux.
Comment 27 Ian Kent 2006-06-23 07:41:10 EDT
(In reply to comment #26)
> (In reply to comment #25)
> > > In the auto.master (on NIS server)
> > > /home  /etc/auto.home
> > 
> > >OK. So all you clients will get the map information for autofs
> > >mount point /home from their own local file /etc/auto.home.
> > 
> > No, they will get it from nis server, - this is how you configure it on nis
> server.
> > 
> 
> Ok. So lets just focus on this.
> 
> As far as I know this configuration will not get it's map
> information from the NIS server. Unless there's something that
> you've missed or that your not telling me that's the way it is
> whether its AIX, Solaris, IRIX or Linux.
> 

And there's no useful information is my response.
Sorry, to quick to click save.

What I'm trying to say is that if the master map entry for
/home, which does come from the NIS server, had something
like:

/home    auto.home

or

/home   yp:auto.home      (Linux specific syntax)

then that would tell the automounter to get its map information
for the auto.home map from the NIS server. Giving a full path
name always tells the automounter on the client to look for a
local file.

Ian
Comment 28 M.T 2006-06-23 08:25:59 EDT
Thank you for the quick response!

I have configure on our linux client (fedora core 5), the /etc/auto.master file
as follows:
/home   yp:auto.home, I have rebooted the pc, but I am still having problems.My
users can not get into their home dirs.

After this, I have changed on my NIS master the auto.home to include only a
single entry:
 /home  csfs3:/home/support, but again it fails.
Comment 29 Ian Kent 2006-06-23 08:36:30 EDT
(In reply to comment #28)
> Thank you for the quick response!
> 
> I have configure on our linux client (fedora core 5), the /etc/auto.master file
> as follows:
> /home   yp:auto.home, I have rebooted the pc, but I am still having problems.My
> users can not get into their home dirs.
> 
> After this, I have changed on my NIS master the auto.home to include only a
> single entry:
>  /home  csfs3:/home/support, but again it fails.
> 

Great. One step at a time and we will have this going in no time.
That should do it for the master map.

The auto.home needs a key and a filesystem to mount.
Above we have what looks like a mount point from one of the maps
you posted before.

So I think you need something like:

support		-rw,hard,intr	csfs3:/home/support
research	-rw,hard,intr	nas200:/research

which is of course what you originally posted above.

Lets get this bit right and then we will work out how to add the
entry that started causing the trouble.

Ian
Comment 30 Ian Kent 2006-06-23 08:42:59 EDT
(In reply to comment #29)
> (In reply to comment #28)
> Great. One step at a time and we will have this going in no time.
> That should do it for the master map.
> 
> The auto.home needs a key and a filesystem to mount.
> Above we have what looks like a mount point from one of the maps
> you posted before.

Once again I may not have been clear about this.

> 
> So I think you need something like:
> 
> support		-rw,hard,intr	csfs3:/home/support
> research	-rw,hard,intr	nas200:/research

You need to have this in the auto.home on your NIS server.
Don't forget to update your NIS map if you change it.

Ian
Comment 31 M.T 2006-06-23 08:46:59 EDT
ok. I have enter on our NIS master server, in the auto.home the following:
support		-rw,hard,intr	csfs3:/home/support
research	-rw,hard,intr	nas200:/research,

I rebuild the nis maps, I reload the autofs service on the linux client, and it
is working!!!
I am waiting for your instructions, for /home/students/cs.......
Comment 32 Ian Kent 2006-06-23 09:02:54 EDT
(In reply to comment #31)
> ok. I have enter on our NIS master server, in the auto.home the following:
> support		-rw,hard,intr	csfs3:/home/support
> research	-rw,hard,intr	nas200:/research,
> 
> I rebuild the nis maps, I reload the autofs service on the linux client, and it
> is working!!!
> I am waiting for your instructions, for /home/students/cs.......

I don't know where we went wrong before.
We should be able to add the auto.students to auto.home on
the NIS server.

We must avoid nesting a mount such as having

/home

and

/home/students

in the same map. This is not allowed in automount maps.

We need to work out the syntax to add a new key to the auto.home
map on the NIS server for the auto.students map.

I think we should add the line:

students     -fstype=autofs  yp:auto.students

to the auto.home map on the NIS server and it should work.

The yp: is used because the Linux autofs version 4 on FC doesn't
know how to consult nsswitch. Only the master map entries can be
used without giving the map type.

Ian



cs	-rw,hard,intr	uls:/home/students/cs


Comment 33 Ian Kent 2006-06-23 09:04:46 EDT
(In reply to comment #32)
> 
> cs	-rw,hard,intr	uls:/home/students/cs
> 

Sorry about this junk.
Please ignore.
I was using this to work out what was going on.

Ian

Comment 34 M.T 2006-06-23 09:23:42 EDT
ok. On nis, the auto.home has now the following:
support         -rw,hard,intr   csfs3:/home/support
students        -fstype=autofs  yp:auto.students
research        -rw,hard,intr   nas200:/research

and I have created the /etc/auto.students with the following :
cs      -rw,hard,intr   uls:/home/students/cs
I reloaded the autofs on linux and i tried a student a/c. in the
/var/log/messages I got these entries:
Jun 23 16:23:35 cs4042 kernel: audit(1151069015.623:334): avc:  denied  {
execute_no_trans } for  pid=3560 comm="automount
" name="automount" dev=dm-4 ino=697206 scontext=user_u:system_r:automount_t:s0
tcontext=system_u:object_r:automount_exec_t
:s0 tclass=file
Jun 23 16:23:35 cs4042 automount[3559]: mount(autofs): sub automount returned
status 0xff00
Jun 23 16:23:35 cs4042 automount[3559]: mount(autofs): failed to mount
yp:auto.students on /home/students
Jun 23 16:23:35 cs4042 automount[3559]: failed to mount /home/students
Jun 23 16:28:38 cs4042 kernel: SELinux: initialized (dev 0:16, type nfs), uses
genfs_contexts
Jun 23 16:28:42 cs4042 kernel: audit(1151069322.383:335): avc:  denied  {
execute_no_trans } for  pid=3714 comm="automount
" name="automount" dev=dm-4 ino=697206 scontext=user_u:system_r:automount_t:s0
tcontext=system_u:object_r:automount_exec_t
:s0 tclass=file
Comment 35 Ian Kent 2006-06-23 09:30:33 EDT
(In reply to comment #34)
> ok. On nis, the auto.home has now the following:
> support         -rw,hard,intr   csfs3:/home/support
> students        -fstype=autofs  yp:auto.students
> research        -rw,hard,intr   nas200:/research
> 
> and I have created the /etc/auto.students with the following :
> cs      -rw,hard,intr   uls:/home/students/cs

This all looks ok.

> I reloaded the autofs on linux and i tried a student a/c. in the
> /var/log/messages I got these entries:
> Jun 23 16:23:35 cs4042 kernel: audit(1151069015.623:334): avc:  denied  {
> execute_no_trans } for  pid=3560 comm="automount
> " name="automount" dev=dm-4 ino=697206 scontext=user_u:system_r:automount_t:s0
> tcontext=system_u:object_r:automount_exec_t
> :s0 tclass=file
> Jun 23 16:23:35 cs4042 automount[3559]: mount(autofs): sub automount returned
> status 0xff00
> Jun 23 16:23:35 cs4042 automount[3559]: mount(autofs): failed to mount
> yp:auto.students on /home/students
> Jun 23 16:23:35 cs4042 automount[3559]: failed to mount /home/students
> Jun 23 16:28:38 cs4042 kernel: SELinux: initialized (dev 0:16, type nfs), uses
> genfs_contexts
> Jun 23 16:28:42 cs4042 kernel: audit(1151069322.383:335): avc:  denied  {
> execute_no_trans } for  pid=3714 comm="automount
> " name="automount" dev=dm-4 ino=697206 scontext=user_u:system_r:automount_t:s0
> tcontext=system_u:object_r:automount_exec_t
> :s0 tclass=file
> 

selinux again.

Lets wait and consult with Jeff Moyer when he arrives at work.
He should arrive soon.

He has a much better feel for these selinux issues that have
started popping up lately.

Sorry.
Ian
Comment 36 Jeff Moyer 2006-06-23 10:27:55 EDT
It appears that the SELinux policy does not allow the automount daemon to exec
automount!  I've CC'd Steve Grubb and Dan Walsh so we can hopefully work this out.
Comment 37 M.T 2006-06-26 02:42:32 EDT
I am wondering why SELinux does not allow this. Is this because the dir is a
3-level dir? Why the automount daemon allows the mounting of /home/support and
/home/research?
Comment 38 Ian Kent 2006-06-26 06:14:19 EDT
(In reply to comment #37)
> I am wondering why SELinux does not allow this. Is this because the dir is a
> 3-level dir? Why the automount daemon allows the mounting of /home/support and
> /home/research?

I'm not sure.
I expect it's because the policy only partially caters for autofs.
Hopefully the selinux specialists will have some time to work on this
today.
Comment 39 Steve Grubb 2006-06-26 07:21:38 EDT
>It appears that the SELinux policy does not allow the automount daemon to 
>exec automount!

Where in the code does it do this? I only see modprobe & umount.
Comment 40 Jeff Moyer 2006-06-26 08:53:57 EDT
> Where in the code does it do this? I only see modprobe & umount.

modules/mount_autofs.c:162
		execv(PATH_AUTOMOUNT, argv);

This is a strange question;  don't you trust the autofs maintainers that this
actually happens?  =)
Comment 41 Ian Kent 2006-06-26 09:00:51 EDT
(In reply to comment #40)
> > Where in the code does it do this? I only see modprobe & umount.
> 
> modules/mount_autofs.c:162
> 		execv(PATH_AUTOMOUNT, argv);
> 
> This is a strange question;  don't you trust the autofs maintainers that this
> actually happens?  =)

Urrr .. Urrr .. oh yes it's version 4.

And it can also exec executable maps (lookup_program.c:200)
Comment 42 Steve Grubb 2006-06-26 09:21:20 EDT
Jeff, its not a question of trust so much as it is how did this get missed.
Also, where are these executable maps kept? They probably need to be in their
own directory so that they can be easily labeled.
Comment 43 Jeff Moyer 2006-06-26 09:25:54 EDT
I see.  The executable maps live in /etc, typically.  I don't believe they
should be moved, but I could be swayed on that opinion.
Comment 44 Ian Kent 2006-06-26 09:47:01 EDT
(In reply to comment #42)
> Jeff, its not a question of trust so much as it is how did this get missed.
> Also, where are these executable maps kept? They probably need to be in their
> own directory so that they can be easily labeled.

For our builds they are always in /etc, all maps live in that directory.
Comment 45 Ian Kent 2006-06-26 09:54:23 EDT
(In reply to comment #43)
> I see.  The executable maps live in /etc, typically.  I don't believe they
> should be moved, but I could be swayed on that opinion.

Historically the location for all maps is /etc for our distro.
Some other distros put aside a special directory for them, such
as Gentoo. They store all maps in /etc/autofs.

The map location fixed at compile time and is now a configure
option in v5.
Comment 46 Ian Kent 2006-06-26 09:58:23 EDT
(In reply to comment #45)
> (In reply to comment #43)
> 
> The map location fixed at compile time and is now a configure
> option in v5.

Actually, I'm not sure that I check that sufficiently well.
I'll look and see.

Comment 47 Steve Grubb 2006-06-26 10:01:00 EDT
OK, where do all these executables come from? Are they in the same package or
are they 3rd party? If they are 3rd party we will likely want them in a
directory so they can be labeled consistently. I'll defer to Dan's judgement on
that, though.
Comment 48 Jeff Moyer 2006-06-26 10:07:07 EDT
We ship 2 executable maps, but others can be provided by 3rd parties.

Autofs has to live in mixed environments.  The same maps should work for Linux
and Sun automount implementations.  As such, we cannot require that the
executable maps live in their own directory.  Please let us know what
alternatives we have.

Thanks.
Comment 49 M.T 2006-07-03 02:33:18 EDT
Any news or progress so far?
Comment 50 Ian Kent 2006-07-03 03:31:51 EDT
(In reply to comment #49)
> Any news or progress so far?

Where still waiting on the selinux package maintainers.
Comment 51 Daniel Walsh 2006-07-09 06:49:32 EDT
Fixed in selinux-policy-2.3.2.fc5
Comment 52 Ian Kent 2006-07-09 22:45:50 EDT
(In reply to comment #51)
> Fixed in selinux-policy-2.3.2.fc5

Hi Dan,

It appears that this hasn't been submitted to testing.

Also I see that the module version has remained at 1.2.7.
Is that right?

This will make it really hard for people like me to identify
problems related to an older update of the module.

Ian
Comment 53 Daniel Walsh 2006-07-10 11:33:45 EDT
I leave it to upstream to update the module version, since this is part of the
base module, it should not be a problem.

I submitted the update yesterday so I am sure it will be submitted soon.
Comment 54 M.T 2006-07-13 02:07:35 EDT
I have noticed that there is a package selinux-policy.2.2.47, released at
7/10/2006. Is this the package we wait for?
Comment 55 Ian Kent 2006-07-13 05:01:44 EDT
(In reply to comment #54)
> I have noticed that there is a package selinux-policy.2.2.47, released at
> 7/10/2006. Is this the package we wait for?

Actually no.

But if you go to the updates directory on a mirror and then go
into the testing/5 directory you should see the selinux updates
version 2.3.2-1. We will need to test them before they are marked
as final and sent to the main repository.

Make sure you update all the selinux-policy-* packages you have
installed on the machine your using for this.

Ian
Comment 56 M.T 2006-08-01 07:40:07 EDT
Well done!. We have updated our clients, and it seems that mount of
/home/students/cs is ok.

Many thanks for your help.

Note You need to log in before you can comment on or make changes to this bug.