Bug 201164 - Targed policy prevents fsck.xfs from checking the root file system
Targed policy prevents fsck.xfs from checking the root file system
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-08-03 06:24 EDT by Jeremias Reith
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-09 10:12:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeremias Reith 2006-08-03 06:24:37 EDT
Description of problem:

The current test1 cannot boot with an enabled targeted policy and a xfs root file system as fsck.xfs isn't 
allowed to check the file system

How reproducible:

Install Test1 on a xfs file system
  
Actual results (messages while booting):

Checking all file systems.
[/sbin/fsck.xfs (1) -- /] fsck.xfs -a /dev/md1 
fsck.xfs: Permission denied
[FAILED]

*** An error occurred during the file system check.
*** Dropping you to a shell; the system will reboot
*** when you leave the shell.
*** Warning -- SELinux is active
*** Disabling security enforcement for system recovery.
*** Run 'setenforce 1' to reenable.
Give root password for maintenance
(or type Control-D to continue): 

And here are the avc messages:

audit(1154600649.174:3): avc:  denied  { execute } for  pid=1055 comm="fsck" name="bash" 
dev=md1 ino=335684494 scontext=system_u:system_r:fsadm_t:s0 
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1154600649.174:4): avc:  denied  { read } for  pid=1055 comm="fsck" name="bash" dev=md1 
ino=335684494 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 
tclass=file



Expected results:

fsck.xfs checks the file system

Additional info:

The system boots fine with enforcing=0
Comment 1 Daniel Walsh 2006-09-18 13:29:12 EDT
Fixed in selinux-policy-2.3.14-4
Comment 2 Matthew Miller 2007-04-06 15:49:42 EDT
Fedora Core 5 and Fedora Core 6 are, as we're sure you've noticed, no longer
test releases. We're cleaning up the bug database and making sure important bug
reports filed against these test releases don't get lost. It would be helpful if
you could test this issue with a released version of Fedora or with the latest
development / test release. Thanks for your help and for your patience.

[This is a bulk message for all open FC5/FC6 test release bugs. I'm adding
myself to the CC list for each bug, so I'll see any comments you make after this
and do my best to make sure every issue gets proper attention.]
Comment 3 Daniel Walsh 2007-04-09 10:12:04 EDT
All fixed in the current release

Note You need to log in before you can comment on or make changes to this bug.