Description of problem:
I get these every time I boot up the system (and variants of it while rebooting or when I plug in a removable drive and it is being mounted by hal);

>>
....
Jun 19 23:29:45 agape kernel: audit(1182310170.673:5): avc: denied { getattr } for pid=1609 comm="fsck" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Jun 19 23:29:45 agape kernel: audit(1182310170.947:6): avc: denied { getattr } for pid=1615 comm="mount" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
...
Jun 19 23:29:45 agape kernel: audit(1182310171.896:7): avc: denied { getattr } for pid=1675 comm="swapon" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Jun 19 23:29:45 agape kernel: Adding 2031608k swap on /dev/VolGroup00/LogVol01. Priority:-1 extents:1 across:2031608k
Jun 19 23:29:45 agape kernel: audit(1182310174.389:8): avc: denied { getattr } for pid=1727 comm="ip6tables-resto" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
...
Jun 19 23:29:45 agape kernel: audit(1182310179.363:9): avc: denied { getattr } for pid=1924 comm="ifconfig" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
>>>

Also

Jun 19 17:54:58 agape setroubleshoot: SELinux is preventing /bin/umount (mount_t) "getattr" to / (security_t). For complete SELinux messages. run sealert -l 6011d13b-f5c5-43ba-ba35-28cb7e203ac2

[deji@agape ~]$ sealert -l 6011d13b-f5c5-43ba-ba35-28cb7e203ac2
***MEMORY-WARNING***: [3230]: GSlice: g_thread_init() must be called before all other GLib functions; memory corruption due to late invocation of g_thread_init() has been detected; this program is likely to crash, leak or unexpectedly abort soon...
Summary
    SELinux is preventing /bin/umount (mount_t) "getattr" to / (security_t).

Detailed Description
    SELinux denied access requested by /bin/umount. It is not expected that this access is required by /bin/umount and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
    You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information

Source Context:        system_u:system_r:mount_t
Target Context:        system_u:object_r:security_t
Target Objects:        / [ filesystem ]
Affected RPM Packages: util-linux-2.13-0.51.fc7 [application]
                       filesystem-2.4.9-1.fc8 [target]
Policy RPM:            selinux-policy-2.6.5-2.fc8
Selinux Enabled:       True
Policy Type:           targeted
MLS Enabled:           True
Enforcing Mode:        Permissive
Plugin Name:           plugins.catchall
Host Name:             agape
Platform:              Linux agape 2.6.21-1.3225.fc8 #1 SMP Sun Jun 17 19:52:00 EDT 2007 x86_64 x86_64
Alert Count:           40
First Seen:            Fri Jun 8 00:43:32 2007
Last Seen:             Tue Jun 19 17:54:56 2007
Local ID:              6011d13b-f5c5-43ba-ba35-28cb7e203ac2
Line Numbers:

Raw Audit Messages

avc: denied { getattr } for comm="umount" dev=selinuxfs egid=0 euid=0 exe="/bin/umount" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=900 scontext=system_u:system_r:mount_t:s0 sgid=0 subj=system_u:system_r:mount_t:s0 suid=0 tclass=filesystem tcontext=system_u:object_r:security_t:s0 tty=(none) uid=0

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

These are now fixed in the current release, selinux-policy-3.0.1-3.fc8.
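
For triage, the denials pasted in this report can be grouped by target type, object class and permission to see which source domains hit each one. The script below is an added example, not part of the original report or of setroubleshoot; the function names are hypothetical and the sample input is the AVC records from the description with the syslog prefix trimmed.

```python
import re
from collections import defaultdict

# AVC records copied from the report above (syslog prefix trimmed).
SAMPLE = """\
audit(1182310170.673:5): avc: denied { getattr } for pid=1609 comm="fsck" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
audit(1182310170.947:6): avc: denied { getattr } for pid=1615 comm="mount" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
audit(1182310171.896:7): avc: denied { getattr } for pid=1675 comm="swapon" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
audit(1182310174.389:8): avc: denied { getattr } for pid=1727 comm="ip6tables-resto" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
audit(1182310179.363:9): avc: denied { getattr } for pid=1924 comm="ifconfig" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
avc: denied { getattr } for comm="umount" dev=selinuxfs egid=0 euid=0 exe="/bin/umount" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=900 scontext=system_u:system_r:mount_t:s0 sgid=0 subj=system_u:system_r:mount_t:s0 suid=0 tclass=filesystem tcontext=system_u:object_r:security_t:s0 tty=(none) uid=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def type_of(context):
    # A context is user:role:type[:level]; the type is what policy rules name.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def group_denials(text):
    """Map (target type, class, permission) -> set of (source type, comm)."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or not {"scontext", "tcontext", "tclass", "comm"} <= rec.keys():
            continue  # not an AVC denial, or a truncated record
        for perm in rec["perms"]:
            key = (type_of(rec["tcontext"]), rec["tclass"], perm)
            groups[key].add((type_of(rec["scontext"]), rec["comm"]))
    return dict(groups)

if __name__ == "__main__":
    for (ttype, tclass, perm), srcs in sorted(group_denials(SAMPLE).items()):
        domains = sorted({s for s, _ in srcs})
        print(f"{perm} on {ttype}:{tclass} denied for {len(srcs)} commands in domains {domains}")
```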