247300 – rpc.mountd accesses a bunch of files it shouldn't.

Bug 247300 - rpc.mountd accesses a bunch of files it shouldn't.

Summary: rpc.mountd accesses a bunch of files it shouldn't.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nfs-utils
Sub Component:
Version:	7
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Steve Dickson
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-07-06 18:51 UTC by Dave Jones
Modified:	2015-01-04 22:29 UTC (History)
CC List:	5 users (show)
Fixed In Version:	113-8.fc7
Clone Of:
Environment:
Last Closed:	2007-08-06 17:57:41 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
strace of rpc.mountd (266.18 KB, text/plain) 2007-07-06 19:43 UTC, Dave Jones	no flags	Details
View All

Description Dave Jones 2007-07-06 18:51:31 UTC

When I start an nfs server, I see this in dmesg ..

audit(1183747706.824:4): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="rtc0" dev=tmpfs ino=5317
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:5): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb2" dev=tmpfs ino=5284
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:6): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb4" dev=tmpfs ino=5110
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:7): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb3" dev=tmpfs ino=5098
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:8): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb1" dev=tmpfs ino=4994
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:9): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="kcore" dev=proc ino=4026531861
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0
tclass=file
audit(1183747706.824:10): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="rtc0" dev=tmpfs ino=5317
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:11): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb2" dev=tmpfs ino=5284
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:12): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb4" dev=tmpfs ino=5110
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:13): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb3" dev=tmpfs ino=5098
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:14): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb1" dev=tmpfs ino=4994
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:15): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="kcore" dev=proc ino=4026531861
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0
tclass=file
audit(1183747706.824:16): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="rtc0" dev=tmpfs ino=5317
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:17): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb2" dev=tmpfs ino=5284
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:18): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb4" dev=tmpfs ino=5110
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:19): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb3" dev=tmpfs ino=5098
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:20): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="usb1" dev=tmpfs ino=4994
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file
audit(1183747706.824:21): avc:  denied  { getattr } for  pid=2320
comm="rpc.mountd" name="kcore" dev=proc ino=4026531861
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0
tclass=file


rpc.mountd really shouldn't be touching any of those files afaics.
(Why would it care about usb, or the rtc etc?)

Comment 1 Dave Jones 2007-07-06 19:43:35 UTC

Created attachment 158699 [details]
strace of rpc.mountd

I did an strace on the rpc.mountd process.  It periodically goes nuts, trying
to access a ton of files. Some of which don't exist, and never have.
(/devfs ?   /proc/evms ?)

log attached.

Comment 2 Ben Webb 2007-07-10 21:03:11 UTC

I get almost exactly the same behavior on my system (Fedora 7, x86_64), usually
for kcore, but occasionally for other files too:

audit(1184101280.748:1553): avc:  denied  { getattr } for  pid=2280
comm="rpc.mountd" name="kcore" dev=proc ino=4026531862
scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0
tclass=file

Comment 3 Daniel Walsh 2007-07-11 20:13:45 UTC

Dave I see from your avc messages that you have some new devices that are not
labeled (or labeled device_t).

usb1, usb2...
Are these /dev/usb1?

What is /dev/rtc0?

Comment 4 Dave Jones 2007-07-12 20:52:43 UTC

yes, these are /dev/usb1 etc.

rtc0 is the real time clock. Something that rpc should have no business looking at.

Could this be a symptom of a leaked file descriptor from something run earlier ?
I've no idea why rpc.mountd would care about any of this.

Comment 5 Daniel Walsh 2007-07-13 11:31:19 UTC

Looks like rpc.mound is just listing the contents of /dev and /proc looking for
something, and this is triggering the AVC's.  The policy currently has
dontaudit;s for properly named devices, but these devices had no label, so they
were improperly labeled device_t, thus the avc messages.  No Block Device or
Char Device should ever be labeled device_t. 

Should be fixes in selinux-policy-2.6.4-28.fc7

Comment 6 Dave Jones 2007-07-16 01:58:08 UTC

rpc.mountd still should have no business looking at those files.
Whilst it won't trigger avc's any more, it'll still be doing a bunch of
unnecessary work every time a client does a mount.

Comment 7 Håkan Hjort 2007-07-29 04:06:23 UTC

I get these 'setroubleshoot' alerts after starting an NFS server, despite having
the selinux-policy-2.6.4-28.fc7 policy mentioned in #5.

avc: denied { getattr } for comm="rpc.mountd" dev=tmpfs egid=0 euid=0
exe="/usr/sbin/rpc.mountd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="1-9"
path="/dev/1-9" pid=30242 scontext=system_u:system_r:nfsd_t:s0 sgid=0
subj=system_u:system_r:nfsd_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0 

avc: denied { getattr } for comm="rpc.mountd" dev=tmpfs egid=0 euid=0
exe="/usr/sbin/rpc.mountd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="2-2"
path="/dev/2-2" pid=30242 scontext=system_u:system_r:nfsd_t:s0 sgid=0
subj=system_u:system_r:nfsd_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0 

Source Context:  system_u:system_r:nfsd_tTarget Context:  system_u:object_r:device_t
Target Objects:  /dev/2-2 [ chr_file ]
Affected RPM Packages:  nfs-utils-1.0.12-4.fc7 [application]
Policy RPM:  selinux-policy-2.6.4-28.fc7

$ ls -lZ
crw-------  root root system_u:object_r:device_t       /dev/1-9
crw-------  root root system_u:object_r:device_t       /dev/2-2
crw-------  root root system_u:object_r:device_t       /dev/2-4
$ ls -l
crw------- 1 root root 189,   1 2007-07-27 06:24 /dev/1-9
crw------- 1 root root 189, 131 2007-07-27 16:50 /dev/2-2
crw------- 1 root root 189, 129 2007-07-27 06:24 /dev/2-4

also the access to kcore remains.
avc: denied { getattr } for comm="rpc.mountd" dev=proc egid=0 euid=0
exe="/usr/sbin/rpc.mountd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="kcore"
path="/proc/kcore" pid=30242 scontext=system_u:system_r:nfsd_t:s0 sgid=0
subj=system_u:system_r:nfsd_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:proc_kcore_t:s0 tty=(none) uid=0

Comment 8 Daniel Walsh 2007-07-30 13:45:00 UTC

What are /dev/1-9?

Comment 9 Håkan Hjort 2007-07-30 15:00:55 UTC

# ls -l /dev/|grep 189
crw-------  1 root  root 189,   1 2007-07-27 06:24 1-9
crw-------  1 root  root 189, 131 2007-07-27 16:50 2-2
crw-------  1 root  root 189, 129 2007-07-27 06:24 2-4
crw-------  1 root  root 189,   0 2007-07-27 06:24 usb1
crw-------  1 root  root 189, 128 2007-07-27 06:24 usb2

# lsusb 
Bus 002 Device 004: ID 059f:0651 LaCie, Ltd 
Bus 002 Device 002: ID 0ea0:2126 Ours Technology, Inc. 7-in-1 Card Reader
Bus 002 Device 001: ID 0000:0000  
Bus 001 Device 002: ID 045e:0040 Microsoft Corp. Wheel Mouse Optical
Bus 001 Device 001: ID 0000:0000  

So a usb hard drive, card reader and mouse.  Where they expected to be named
usb1-9 etc. ?

Here are parts of /var/log/messages
Jul 27 06:24:37 svart kernel: ohci_hcd 0000:00:02.0: OHCI Host Controller
Jul 27 06:24:37 svart kernel: ohci_hcd 0000:00:02.0: new USB bus registered,
assigned bus number 1
Jul 27 06:24:37 svart kernel: ohci_hcd 0000:00:02.0: irq 23, io mem 0xf8102000
Jul 27 06:24:37 svart kernel: usb usb1: configuration #1 chosen from 1 choice
Jul 27 06:24:37 svart kernel: hub 1-0:1.0: USB hub found
Jul 27 06:24:37 svart kernel: hub 1-0:1.0: 10 ports detected
...
Jul 27 06:24:37 svart kernel: ehci_hcd 0000:00:02.1: EHCI Host Controller
Jul 27 06:24:37 svart kernel: ehci_hcd 0000:00:02.1: new USB bus registered,
assigned bus number 2
Jul 27 06:24:37 svart kernel: ehci_hcd 0000:00:02.1: debug port 1
Jul 27 06:24:37 svart rpc.statd[2351]: Version 1.0.11 Starting
Jul 27 06:24:37 svart kernel: ehci_hcd 0000:00:02.1: irq 22, io mem 0xfeb00000
Jul 27 06:24:37 svart kernel: ehci_hcd 0000:00:02.1: USB 2.0 started, EHCI 1.00,
driver 10 Dec 2004
Jul 27 06:24:37 svart kernel: usb usb2: configuration #1 chosen from 1 choice
Jul 27 06:24:37 svart kernel: hub 2-0:1.0: USB hub found
Jul 27 06:24:37 svart kernel: hub 2-0:1.0: 10 ports detected
...
Jul 27 06:24:37 svart kernel: usb 2-4: new high speed USB device using ehci_hcd
and address 2
Jul 27 06:24:37 svart kernel: usb 2-4: configuration #1 chosen from 1 choice
...
Jul 27 06:24:37 svart kernel: usb 1-9: new low speed USB device using ohci_hcd
and address 2
Jul 27 06:24:37 svart kernel: usb 1-9: configuration #1 chosen from 1 choice
Jul 27 06:24:37 svart kernel: input: Microsoft Microsoft 3-Button Mouse with
IntelliEye(TM) as /class/input/inp
ut2
...
Jul 27 16:50:34 svart kernel: usb 2-2: new high speed USB device using ehci_hcd
and address 4
Jul 27 16:50:34 svart kernel: usb 2-2: configuration #1 chosen from 1 choice
Jul 27 16:50:34 svart kernel: scsi7 : SCSI emulation for USB Mass Storage devices

Comment 10 Daniel Walsh 2007-07-30 15:49:42 UTC

This looks like udev screwed up????

Comment 11 Harald Hoyer 2007-07-30 16:22:56 UTC

The kernel changed and introduced a new usb naming scheme.
udev-113-7.fc7 is pending for fedora testing updates..

Comment 12 Fedora Update System 2007-07-31 22:51:01 UTC

udev-113-8.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2007-08-06 17:57:27 UTC

udev-113-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.