Bug 207907 - Relabel has problem with bind mounts
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: policycoreutils
4.0
All Linux
medium Severity medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2006-09-25 06:38 EDT by Peter Bieringer
Modified: 2007-11-30 17:07 EST
Last Closed: 2007-01-29 09:48:37 EST
Description Peter Bieringer 2006-09-25 06:38:17 EDT
Description of problem:
A system which has too little disk space on / uses a bind mount for e.g.
/var/spool/squid. After trying to enable SELinux many warnings were seen. They
did not go away after relabeling. I believe this is caused by the bind mount.

Version-Release number of selected component (if applicable):
policycoreutils-1.18.1-4.9


How reproducible:
After each relabel

Steps to Reproduce:
# grep squid /etc/fstab
/mnt/extra/var/spool/squid      /var/spool/squid        ext3    bind    0 0

# mount | grep squid
/mnt/extra/var/spool/squid on /var/spool/squid type ext3 (rw,bind)
mount

 
Actual results:
Sep 24 18:57:29 proxy kernel: audit(1159117049.188:30): avc:  denied  { rename }
for  pid=3917 comm="squid" name="swap.state.clean" dev=sdc1 ino=230524
scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t tclass=file
Sep 24 18:57:29 proxy kernel: audit(1159117049.188:31): avc:  denied  { unlink }
for  pid=3917 comm="squid" name="swap.state" dev=sdc1 ino=230526
scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t tclass=file


Expected results:
No such messages

Additional info:

SELinux is currently disabled for now, so I can't provide "ls -Z" at the moment.
Comment 1 Daniel Walsh 2006-09-25 11:57:10 EDT
file_t indicates that there are still files on the system that are labeled
incorrectly.  What kind of file system are you bind mounting?  

You could execute 

chcon -R system_u:object_r:squid_cache_t /mnt/extra/var/spool/squid

Which should fix the problem
Comment 2 Peter Bieringer 2006-12-23 09:53:27 EST
Filesystem is ext3

# mount |grep extra
/dev/sdc1 on /mnt/extra type ext3 (rw)
/mnt/extra/var/cache on /var/cache type ext3 (rw,bind)
/mnt/extra/var/local on /var/local type ext3 (rw,bind)
/mnt/extra/var/spool/squid on /var/spool/squid type ext3 (rw,bind)

Looks like your workaround helped.
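
Added example, not part of the original bug thread and not policycoreutils code: Python that parses the AVC denials quoted in the description, collects the objects still labeled file_t per device, and uses the mount output from comment 2 to show which bind-mount targets expose that device. The function names are hypothetical, and the sample input is constructed from the lines on this page, with each wrapped AVC record joined onto one line.

```python
import re
from collections import defaultdict

# Constructed sample input: AVC records and mount table as quoted in this report.
AUDIT_LOG = """\
Sep 24 18:57:29 proxy kernel: audit(1159117049.188:30): avc:  denied  { rename } for  pid=3917 comm="squid" name="swap.state.clean" dev=sdc1 ino=230524 scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t tclass=file
Sep 24 18:57:29 proxy kernel: audit(1159117049.188:31): avc:  denied  { unlink } for  pid=3917 comm="squid" name="swap.state" dev=sdc1 ino=230526 scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t tclass=file
"""
MOUNTS = """\
/dev/sdc1 on /mnt/extra type ext3 (rw)
/mnt/extra/var/cache on /var/cache type ext3 (rw,bind)
/mnt/extra/var/local on /var/local type ext3 (rw,bind)
/mnt/extra/var/spool/squid on /var/spool/squid type ext3 (rw,bind)
"""
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
MOUNT_RE = re.compile(r'^(?P<src>\S+) on (?P<target>\S+) type \S+ \((?P<opts>[^)]*)\)$')

def parse_avc(line):
    """Return the key=value fields of one AVC denial as a dict, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Assumes values contain no spaces, as in the records above.
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec = {k: v.strip('"') for k, v in rec.items()}
    rec["perms"] = m.group("perms").split()
    return rec

def unlabeled_by_device(log_text):
    """Map dev -> sorted (ino, name) pairs for denials whose target type is file_t."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get("tcontext", "").split(":")[2:3] == ["file_t"]:
            hits[rec["dev"]].add((int(rec["ino"]), rec.get("name", "?")))
    return {dev: sorted(v) for dev, v in hits.items()}

def bind_targets(mount_text, dev):
    """Return (mount point of /dev/<dev>, bind targets whose source lies under it)."""
    rows = [m.groupdict() for m in map(MOUNT_RE.match, mount_text.splitlines()) if m]
    root = next((r["target"] for r in rows if r["src"] == "/dev/" + dev), None)
    binds = [r["target"] for r in rows
             if root and "bind" in r["opts"].split(",") and r["src"].startswith(root + "/")]
    return root, binds

if __name__ == "__main__":
    for dev, files in unlabeled_by_device(AUDIT_LOG).items():
        root, binds = bind_targets(MOUNTS, dev)
        print(f"{dev}: file_t objects {files}; mounted at {root}; bind targets {binds}")
```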
