Bug 200587 - mount fails to read /etc/fstab on boot
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Reported: 2006-07-28 16:04 EDT by Jun'ichi Nomura (Red Hat)
Modified: 2013-04-02 19:51 EDT
Last Closed: 2006-07-29 04:26:59 EDT
Description Jun'ichi Nomura (Red Hat) 2006-07-28 16:04:45 EDT
Description of problem:

'mount' and 'fsck' in initscripts failed to read /etc/fstab.
As a result, no filesystems are mounted except that
root filesystem is remounted as read-only.
devpts is not mounted so sshd cannot open terminal for
remote login.
The problem disappears if "selinux=0" is given as a boot parameter
or if you run 'chcon -t etc_runtime_t /etc/fstab'.

Version-Release number of selected component (if applicable):
rawhide-20060727
selinux-policy-2.3.3-10
selinux-policy-targeted-2.3.3-10
kernel-2.6.17-1.2449.fc6

How reproducible:
Always

Steps to Reproduce:
1. Install and reboot
  
Actual results:
System boots up.
No filesystems are mounted except that root filesystem
is mounted as read-only.
You can login with ssh but you won't see shell prompt.

Expected results:
All filesystems specified in fstab are mounted.
You can see shell prompt when you login with ssh.

Additional info:

Read failure is caused by type mismatch.

# dmesg|grep denied|audit2why
...
audit(1154111030.444:71): avc:  denied  { read } for  pid=2759 comm="mount" name="fstab" dev=sdb7 ino=1558532 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
        Was caused by:
                Missing or disabled TE allow rule.
                Allow rules may exist but be disabled by boolean settings; check boolean settings.
                You can see the necessary allow rules by running audit2allow with this audit message as input.
...

# dmesg|grep denied| audit2allow
allow fsadm_t tmp_t:file read;
allow mount_t tmp_t:file read;
allow nmbd_t samba_log_t:dir create;
allow pam_console_t tmp_t:file read;
allow smbd_t samba_log_t:dir create;
allow udev_t watchdog_device_t:chr_file create;

It seems other files are denied access for a similar reason, BTW.

The problem could be worked around by changing the type of fstab.

# newrole -t initrc_t
# mount /boot
warning: can't open /etc/fstab: Permission denied
mount: can't find /boot in /etc/fstab or /etc/mtab
# chcon -t etc_runtime_t /etc/fstab
# mount /boot
(success)
Comment 1 Daniel Walsh 2006-07-29 04:26:59 EDT
Why is fstab labeled tmp_t?  It should be labeled etc_t.  If you create fstab in
/tmp and then mv it to /etc this could happen.  You need to restorecon /etc/fstab.
Comment 2 Jun'ichi NOMURA 2006-07-31 10:03:33 EDT
You're right. Thanks.
fstab is modified and mv'd from /tmp in the kickstart post-installation script.
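
Added example (not part of the bug report and not SELinux tooling): a Python triage of AVC denial lines that separates the case in this thread, a file still carrying a scratch-directory type after being mv'd into place, from denials that need a policy review. The TEMP_TYPES set, the function names and the second sample line are assumptions constructed for illustration; the first sample line is the denial quoted in the description.

```python
import re

# Types that label scratch files. A system domain denied access to one of
# these usually means the file was created there and mv'd, keeping its label.
# (Assumed list for this example; adjust to the loaded policy.)
TEMP_TYPES = {"tmp_t", "user_tmp_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is the third field.
    fields["stype"] = fields.get("scontext", "::").split(":")[2]
    fields["ttype"] = fields.get("tcontext", "::").split(":")[2]
    return fields

def triage(lines):
    """Classify each denial as 'relabel' (fix the file) or 'review' (look at policy)."""
    findings = []
    for line in lines:
        avc = parse_avc(line)
        if avc is None:
            continue
        # Loading the audit2allow rule here would let the domain read every
        # file of the scratch type; restorecon on the one file is the narrow fix.
        mislabeled = avc["ttype"] in TEMP_TYPES and avc.get("tclass") == "file"
        findings.append((avc["stype"], avc["ttype"], avc.get("name"),
                         "relabel" if mislabeled else "review"))
    return findings

SAMPLE = [
    # From the bug description, wrapped lines joined.
    'audit(1154111030.444:71): avc:  denied  { read } for  pid=2759 comm="mount" '
    'name="fstab" dev=sdb7 ino=1558532 scontext=system_u:system_r:mount_t:s0 '
    'tcontext=system_u:object_r:tmp_t:s0 tclass=file',
    # Constructed line, modelled on the nmbd_t rule in the audit2allow output.
    'audit(1154111031.100:80): avc:  denied  { create } for  pid=2801 comm="nmbd" '
    'name="cores" scontext=system_u:system_r:nmbd_t:s0 '
    'tcontext=system_u:object_r:samba_log_t:s0 tclass=dir',
    "kernel: EXT3-fs: mounted filesystem with ordered data mode.",  # constructed, not an AVC
]

if __name__ == "__main__":
    for stype, ttype, name, advice in triage(SAMPLE):
        print(f"{advice:8} {stype} -> {ttype} ({name})")
```

A "relabel" result points at `restorecon` on the named file, as in Comment 1, rather than at a new allow rule.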
