Bug 200587 - mount fails to read /etc/fstab on boot
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
Reported: 2006-07-28 20:04 UTC by Jun'ichi Nomura (Red Hat)
Modified: 2013-04-02 23:51 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-07-29 08:26:59 UTC
Type: ---
Embargoed:



Description Jun'ichi Nomura (Red Hat) 2006-07-28 20:04:45 UTC
Description of problem:

'mount' and 'fsck' in initscripts failed to read /etc/fstab.
As a result, no filesystems are mounted except that
the root filesystem is remounted as read-only.
devpts is not mounted, so sshd cannot open a terminal for
remote login.
The problem disappears if "selinux=0" is given as a boot parameter
or if you run 'chcon -t etc_runtime_t /etc/fstab'.

Version-Release number of selected component (if applicable):
rawhide-20060727
selinux-policy-2.3.3-10
selinux-policy-targeted-2.3.3-10
kernel-2.6.17-1.2449.fc6

How reproducible:
Always

Steps to Reproduce:
1. Install and reboot
Actual results:
System boots up.
No filesystems are mounted except that the root filesystem
is mounted as read-only.
You can log in with ssh but you won't see a shell prompt.

Expected results:
All filesystems specified in fstab are mounted.
You can see a shell prompt when you log in with ssh.

Additional info:

The read failure is caused by a type mismatch.

# dmesg|grep denied|audit2why
...
audit(1154111030.444:71): avc:  denied  { read } for  pid=2759 comm="mount" name="fstab" dev=sdb7 ino=1558532 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
        Was caused by:
                Missing or disabled TE allow rule.
                Allow rules may exist but be disabled by boolean settings; check boolean settings.
                You can see the necessary allow rules by running audit2allow with this audit message as input.
...

# dmesg|grep denied| audit2allow
allow fsadm_t tmp_t:file read;
allow mount_t tmp_t:file read;
allow nmbd_t samba_log_t:dir create;
allow pam_console_t tmp_t:file read;
allow smbd_t samba_log_t:dir create;
allow udev_t watchdog_device_t:chr_file create;

There seem to be other files that are denied access for a similar reason, BTW.

The problem could be worked around by changing the type of fstab.

# newrole -t initrc_t
# mount /boot
warning: can't open /etc/fstab: Permission denied
mount: can't find /boot in /etc/fstab or /etc/mtab
# chcon -t etc_runtime_t /etc/fstab
# mount /boot
(success)

Comment 1 Daniel Walsh 2006-07-29 08:26:59 UTC
Why is fstab labeled tmp_t?  It should be labeled etc_t.  If you create fstab in
/tmp and then mv it to /etc, this could happen.  You need to restorecon /etc/fstab.


Comment 2 Jun'ichi NOMURA 2006-07-31 14:03:33 UTC
You're right. Thanks.
fstab is modified and mv'ed from /tmp in the kickstart post-installation script.
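
The following added example (not part of the bug thread or of any SELinux tool) parses AVC denial lines like the one in the description and separates denials against tmp_t-labeled files, where the fix is relabeling with restorecon as in Comment 1, from denials that call for a policy review. The first sample line is the record from the report; the other sample lines, the TEMP_TYPES set and the function names are constructed for illustration.

```python
import re

# Assumption: tmp_t is the type files get when created in /tmp (as in this report).
TEMP_TYPES = {"tmp_t"}
AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = tuple(m.group("perms").split())
    # A context is user:role:type[:level]; the type is the third field.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def triage(lines):
    """Split denials into 'fix the label' and 'review the policy' buckets."""
    relabel, review = {}, []
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        if rec["target_type"] in TEMP_TYPES and rec["tclass"] == "file":
            # A tmp_t file denied to system domains points at a label carried by mv.
            relabel.setdefault(rec.get("name", "?"), set()).add(rec["source_type"])
        else:
            review.append((rec["source_type"], rec["target_type"], rec["tclass"], rec["perms"]))
    return {name: sorted(doms) for name, doms in relabel.items()}, review

SAMPLE = [
    # Record from the bug report, rejoined onto one line.
    'audit(1154111030.444:71): avc:  denied  { read } for  pid=2759 comm="mount" name="fstab" dev=sdb7 ino=1558532 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file',
    # Constructed records and one non-AVC line, for illustration only.
    'audit(1154111031.100:72): avc:  denied  { read } for  pid=2760 comm="fsck" name="fstab" dev=sdb7 ino=1558532 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file',
    'audit(1154111040.200:80): avc:  denied  { create } for  pid=2900 comm="nmbd" name="cores" scontext=system_u:system_r:nmbd_t:s0 tcontext=system_u:object_r:samba_log_t:s0 tclass=dir',
    "kernel: EXT3-fs: mounted filesystem with ordered data mode.",
]

if __name__ == "__main__":
    relabel, review = triage(SAMPLE)
    for name, domains in relabel.items():
        print(f"{name}: labeled tmp_t, denied to {', '.join(domains)}; find it and run restorecon")
    for src, tgt, cls, perms in review:
        print(f"review policy: {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```

An AVC record carries only the file's base name, so the full path still has to be located before relabeling; adding the audit2allow rule `allow mount_t tmp_t:file read;` instead would let mount read every tmp_t file.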

