Bug 207907 - Relabel has problem with bind mounts
Summary: Relabel has problem with bind mounts
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: policycoreutils
Version: 4.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2006-09-25 10:38 UTC by Peter Bieringer
Modified: 2007-11-30 22:07 UTC (History)
Last Closed: 2007-01-29 14:48:37 UTC



Description Peter Bieringer 2006-09-25 10:38:17 UTC
Description of problem:
A system which has too little disk space on / uses a bind mount for e.g.
/var/spool/squid. After trying to enable SELinux, many warnings were seen. They
did not go away after relabeling. I believe this is caused by the bind mount.

Version-Release number of selected component (if applicable):
policycoreutils-1.18.1-4.9


How reproducible:
After each relabel

Steps to Reproduce:
# grep squid /etc/fstab
/mnt/extra/var/spool/squid      /var/spool/squid        ext3    bind    0 0

# mount | grep squid
/mnt/extra/var/spool/squid on /var/spool/squid type ext3 (rw,bind)
mount

 
Actual results:
Sep 24 18:57:29 proxy kernel: audit(1159117049.188:30): avc:  denied  { rename } for  pid=3917 comm="squid" name="swap.state.clean" dev=sdc1 ino=230524 scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t tclass=file
Sep 24 18:57:29 proxy kernel: audit(1159117049.188:31): avc:  denied  { unlink } for  pid=3917 comm="squid" name="swap.state" dev=sdc1 ino=230526 scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t tclass=file


Expected results:
No such messages

Additional info:

SELinux is currently disabled for now, so I can't provide "ls -Z" at the moment.

Comment 1 Daniel Walsh 2006-09-25 15:57:10 UTC
file_t indicates that there are still files on the system that are labeled
incorrectly.  What kind of file system are you bind mounting?  

You could execute 

chcon -R system_u:object_r:squid_cache_t /mnt/extra/var/spool/squid

which should fix the problem.

Comment 2 Peter Bieringer 2006-12-23 14:53:27 UTC
Filesystem is ext3

# mount |grep extra
/dev/sdc1 on /mnt/extra type ext3 (rw)
/mnt/extra/var/cache on /var/cache type ext3 (rw,bind)
/mnt/extra/var/local on /var/local type ext3 (rw,bind)
/mnt/extra/var/spool/squid on /var/spool/squid type ext3 (rw,bind)

Looks like your workaround helped.
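
Added example, not part of the original bug thread: a small triage script that applies the point from Comment 1 (a target type of file_t means the object was never labeled) to AVC denials like the ones in the description, grouping them by device so the filesystem the relabel missed stands out. The function names and the third log record are constructed for illustration.

```python
import re
from collections import defaultdict

# The two AVC denials quoted in the bug report (one record per line),
# plus one constructed record whose target already carries a real label.
SAMPLE_LOG = [
    'Sep 24 18:57:29 proxy kernel: audit(1159117049.188:30): avc:  denied  { rename } for  pid=3917 comm="squid" name="swap.state.clean" dev=sdc1 ino=230524 scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t tclass=file',
    'Sep 24 18:57:29 proxy kernel: audit(1159117049.188:31): avc:  denied  { unlink } for  pid=3917 comm="squid" name="swap.state" dev=sdc1 ino=230526 scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t tclass=file',
    # constructed sample line, not from the report
    'Sep 24 18:57:30 proxy kernel: audit(1159117050.001:32): avc:  denied  { read } for  pid=3917 comm="squid" name="example.conf" dev=sda1 ino=1111 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:etc_t tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    return rec


def context_type(context):
    """A context is user:role:type[:level]; the type is the third field."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None


def unlabeled_targets(lines):
    """Group denials whose target type is file_t by the device they live on."""
    by_dev = defaultdict(list)
    for line in lines:
        rec = parse_avc(line)
        if rec and context_type(rec.get('tcontext', '')) == 'file_t':
            by_dev[rec['dev']].append((int(rec['ino']), rec['name'], rec['perms']))
    return dict(by_dev)


if __name__ == '__main__':
    for dev, hits in unlabeled_targets(SAMPLE_LOG).items():
        print(f'{dev}: {len(hits)} denial(s) on file_t objects')
        for ino, name, perms in hits:
            print(f'  ino={ino} name={name} perms={",".join(perms)}')
```

On the report's log lines every file_t hit is on dev=sdc1, the device mounted at /mnt/extra in Comment 2, which is the tree the chcon in Comment 1 relabels.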

