Bug 212674 - Fedora is unable to mount /var/log after install
Fedora is unable to mount /var/log after install
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-27 18:26 EDT by Stephen John Smoogen
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-28 15:52:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen John Smoogen 2006-10-27 18:26:48 EDT
Description of problem:

During booting of FC6, we create a seperate /var/log/ partition for limits on
audit growth. After rebooting, FC6 complained that it could not mount volgroup03
and tried to mount it read-only. It could not do this either and various other
programs failed to start running (psacct) because their sub-directories were not
available. Was able to get system to boot by turning selinux off. Changed it
temporarily to just complain

Complaints are:

SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
audit(1161986094.677:3): avc:  denied  { execute } for  pid=1227 comm="bash"
name="bash" dev=dm-0 ino=463972 scontext=system_u:system_r:rhgb_t:s0
tcontext=system_u:object_r:usr_t:s0 tclass=file
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
IPv6 over IPv4 tunneling driver
ACPI: Power Button (FF) [PWRF]
ACPI: Power Button (CM) [VBTN]
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
device-mapper: multipath: version 1.0.4 loaded
EXT3 FS on dm-0, internal journal
audit(1161986103.613:4): avc:  denied  { mounton } for  pid=1357 comm="mount"
name="log" dev=dm-0 ino=1507330 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir

[The first one I don't know where it is yet. THe second is when it trying to
mount other sub-directories.]


Version-Release number of selected component (if applicable):

initscripts-8.45.3-1

How reproducible:

100% [Did 2 installs of FC6]

Steps to Reproduce:
1. Install FC6
2. Create a /var/log partition
3. Watch it fail to mount
Comment 1 Stephen John Smoogen 2006-10-27 18:35:56 EDT
[root@glasya ~]# audit2allow -d                       
allow mount_t var_log_t:dir mounton;
allow rhgb_t usr_t:file execute;

I forgot to add that.
Comment 2 Bill Nottingham 2006-10-27 23:05:09 EDT
This looks like it should be allowed by policy - reassigning. 

The rhgb one is odd, though - why is it trying to execute bash?
Comment 3 Ray Strode [halfline] 2006-10-29 01:26:15 EST
the rhgb code is some loony thing I came up with and regretted later.

There should be an rhgb in testing soon that will drop that (and fix other issues)

Note You need to log in before you can comment on or make changes to this bug.