Bug 197089 - SELinux prevents automount & ntp from running
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Reported: 2006-06-28 10:44 EDT by Jeff Bastian
Modified: 2007-11-30 17:11 EST
Fixed In Version: 2.3.3-6
Doc Type: Bug Fix
Last Closed: 2006-07-21 17:40:40 EDT

Description Jeff Bastian 2006-06-28 10:44:06 EDT
Description of problem:
I installed fc6test1 and encountered a number of problems with the automounter;
most of them were automount bugs, but one problem seemed external to the
automounter.  Ian Kent suggested disabling SELinux as a test and when I did, that
problem went away.  I also noticed that ntp started working after I disabled
SELinux (I hadn't gotten to looking at that yet).  It seems the SELinux policies
on fc6test1 are a bit too aggressive.

The problem I was having was a lack of network traffic between the automount
daemon and the LDAP server holding the automount maps.  I ran wireshark to
capture the network traffic (or lack thereof in this case) when launching the
automounter and not a single packet went to the LDAP server.  After disabling
SELinux, it was able to communicate with my LDAP server.

Version-Release number of selected component (if applicable):
selinux-policy-2.3.1-1
selinux-policy-targeted-2.3.1-1

How reproducible:
Every time

Steps to Reproduce:
1. Set SELinux to enforcing in /etc/sysconfig/selinux
2. Reboot
3. The automount daemon fails
4. Set SELinux to permissive or disabled in /etc/sysconfig/selinux
5. Reboot
6. The automount daemon works
  
Actual results:
The automount daemon cannot talk to the LDAP server with SELinux enabled &
enforcing.

Expected results:
The automount daemon should be able to talk to the LDAP server with SELinux
enabled & enforcing.

Additional info:
I noticed that when I ran 'service autofs start', there was no network traffic
between the automount daemon and the LDAP server, but, if I manually ran
/usr/sbin/automount (as root), then there were some LDAP queries on the wire.
Comment 1 Daniel Walsh 2006-07-11 14:15:46 EDT
I think this is fixed by selinux-policy-2.3.2-1
Comment 2 Rahul Sundaram 2006-07-20 20:02:25 EDT
Jeff,

Can you confirm and close this report if this has been resolved?
Comment 3 Jeff Bastian 2006-07-21 17:40:40 EDT
I upgraded to selinux-policy-2.3.3-6 and libsepol-1.12.19-1.1 last night and now
the automounter is working again with SELinux enabled.  Thanks!
