Bug 208030 - selinux denies autofs permission to create mounts
selinux denies autofs permission to create mounts
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-25 18:08 EDT by Jack Neely
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-28 16:37:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jack Neely 2006-09-25 18:08:19 EDT
Description of problem:
I use autofs to mount users home directories under /ncsu by including the
following in /etc/auto.master

/ncsu  hesiod  --timeout=180

# ls /ncsu/jjneely
ls: /ncsu/jjneely: No such file or directory

From /var/log/audit.log:

type=AVC msg=audit(1159221702.052:7000): avc:  denied  { create } for  pid=23928
comm="automount" name="jjneely" scontext=root:system_r:automount_t:s0
tcontext=root:object_r:autofs_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1159221702.052:7000): arch=40000003 syscall=83 success=no
exit=-13 a0=b779bfdb a1=b779992c a2=15c2ec a3=b779992c items=2 ppid=1 pid=23928
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
comm="automount" exe="/usr/sbin/automount" subj=root:system_r:automount_t:s0
key=(null)
type=CWD msg=audit(1159221702.052:7000):  cwd="/"
type=PATH msg=audit(1159221702.052:7000): item=0
name="/afs/unity.ncsu.edu/users/j/jjneely" obj=system_u:object_r:lib_t:s0
type=PATH msg=audit(1159221702.052:7000): item=1 name="/ncsu/jjneely"
inode=218170 dev=00:18 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:autofs_t:s0


Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.3.3-22
Comment 1 Daniel Walsh 2006-09-28 14:43:29 EDT
Fixed in selinux-policy-2.3.16-6
Comment 2 Steve Grubb 2006-10-18 18:01:14 EDT
Requesting beta blocker since meets criteria and is already fixed.
Comment 3 RHEL Product and Program Management 2006-10-18 18:04:59 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux release.  Product Management has requested further review
of this request by Red Hat Engineering.  This request is not yet committed for
inclusion in release.

Note You need to log in before you can comment on or make changes to this bug.