Red Hat Bugzilla – Bug 197089
SELinux prevents automount & ntp from running
Last modified: 2007-11-30 17:11:36 EST
Description of problem:
I installed fc6test1 and encountered a number of problems with the automounter;
most of them were automount bugs, but one problem seemed external to the
automounter. Ian Kent suggested disabling SELinux as a test, and when I did, that
problem went away. I also noticed that ntp started working after I disabled
SELinux (I hadn't gotten to looking at that yet). It seems the SELinux policies
on fc6test1 are a bit too aggressive.
The problem I was having was a lack of network traffic between the automount
daemon and the LDAP server holding the automount maps. I ran wireshark to
capture the network traffic (or lack thereof in this case) when launching the
automounter and not a single packet went to the LDAP server. After disabling
SELinux, it was able to communicate with my LDAP server.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set SELinux to enforcing in /etc/sysconfig/selinux
3. The automount daemon fails
4. Set SELinux to permissive or disabled in /etc/sysconfig/selinux
6. The automount daemon works
The automount daemon cannot talk to the LDAP server with SELinux enabled &
The automount daemon should be able to talk to the LDAP server with SELinux
enabled & enforcing.
I noticed that when I ran 'service autofs start', there was no network traffic
between the automount daemon and the LDAP server, but, if I manually ran
/usr/sbin/automount (as root), then there were some LDAP queries on the wire.

I think this is fixed by selinux-policy-2.3.2-1.

Can you confirm and close this report if this has been resolved?

I upgraded to selinux-policy-2.3.3-6 and libsepol-1.12.19-1.1 last night and now
the automounter is working again with SELinux enabled. Thanks!