Bug 221718 - avc: denied { write } for pid=1806 comm="mount.ntfs-3g" name="fuse" dev=tmpfs ino=1732 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file
avc: denied { write } for pid=1806 comm="mount.ntfs-3g" name="fuse" dev=tm...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-06 12:46 EST by Erik Sohns
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-22 10:12:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
selinux_alert.txt (42.31 KB, text/plain)
2007-01-15 17:56 EST, Erik Sohns
no flags Details

  None (edit)
Description Erik Sohns 2007-01-06 12:46:19 EST
Description of problem:
i get the following intermittent syslog entries...

Jan  6 18:38:28 worms kernel: audit(1168105108.091:23): avc:  denied  { write }
for  pid=1806 comm="mount.ntfs-3g" name="fuse" dev=tmpfs ino=1732
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file

Jan  6 18:38:28 worms kernel: audit(1168105108.091:24): avc:  denied  { read }
for  pid=1806 comm="mount.ntfs-3g" name="fuse" dev=tmpfs ino=1732
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file

Version-Release number of selected component (if applicable):
Name        : selinux-policy-targeted      Relocations: (not relocatable)
Version     : 2.4.6                             Vendor: Red Hat, Inc.
Release     : 17.fc6                        Build Date: Fri 22 Dec 2006 06:44:03
PM CET
Install Date: Sat 06 Jan 2007 04:06:54 PM CET      Build Host: spud.z900.redhat.com
Group       : System Environment/Base       Source RPM:
selinux-policy-2.4.6-17.fc6.src.rpm
Size        : 17716833                         License: GPL
Signature   : DSA/SHA1, Fri 05 Jan 2007 04:24:04 PM CET, Key ID b44269d04f2a6fd2
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://serefpolicy.sourceforge.net
Summary     : SELinux targeted base policy
Description :
SELinux Reference policy targeted base module.

How reproducible:
Always

Steps to Reproduce:
1. use ntfs-3g filesystem in fstab
2. reboot
3.
  
Actual results:
intermittent syslog entries

Expected results:
should just work, shouldn't it ?

Additional info:
Comment 1 Szabolcs Szakacsits 2007-01-07 07:26:34 EST
selinux-policy-2.4.6-23 for RHEL5 and FC6 should fix this. Could you please try
it and let us know how it works? Thank you in advance.
Comment 2 Erik Sohns 2007-01-07 08:07:27 EST
could you point me to a place where i can download the rpm ? Can't seem to find
it in any yum repository (it's not in updates-testing, as far as i can see...)
Comment 3 Szabolcs Szakacsits 2007-01-07 08:17:32 EST
Current update. Some user already reported the new selinux-policy package fixed
their problems, so it should be available somewehere.
Comment 4 Erik Sohns 2007-01-08 09:23:44 EST
still happens, see below. Note that the mounting of the ntfs volumes does (seem
to) succeed... (not sure what the access to tmpfs is about)

Source Context:  system_u:system_r:mount_tTarget
Context:  system_u:object_r:fixed_disk_device_tTarget Objects:  fuse [ chr_file
]Affected RPM Packages:   Policy RPM:  selinux-policy-2.4.6-23.fc6Selinux
Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing
Mode:  PermissivePlugin Name:  plugins.catchall_fileHost
Name:  worms.homePlatform:  Linux worms.home 2.6.18-1.2869.fc6 #1 SMP Wed Dec 20
14:51:19 EST 2006 i686 athlonAlert Count:  10Line Numbers:   Raw Audit Messages
:avc: denied { write } for comm="mount.ntfs-3g" dev=tmpfs name="fuse" pid=1622
scontext=system_u:system_r:mount_t:s0 tclass=chr_file
tcontext=system_u:object_r:fixed_disk_device_t:s0 
Comment 5 Erik Sohns 2007-01-15 17:56:12 EST
Created attachment 145628 [details]
selinux_alert.txt
Comment 6 Erik Sohns 2007-01-15 18:05:02 EST
Comment on attachment 145628 [details]
selinux_alert.txt

sorry for the garbage... here's another shot: the attachment contains the whole
log... Now I don't mind so much that starfighter and quake apparently have
trouble... but I would like to get antivir to work :-)
Comment 7 Daniel Walsh 2007-04-10 14:54:52 EDT
fixed in selinux-policy-2.4.6-49
Comment 8 Daniel Walsh 2007-08-22 10:12:26 EDT
Fixed in current release

Note You need to log in before you can comment on or make changes to this bug.