First Last Prev Next    This bug is not in your last search results.
Bug 290941 - SELinux is preventing /usr/bin/runcon (unconfined_execmem_t) "transition" to /bin/umount (unconfined_t).
SELinux is preventing /usr/bin/runcon (unconfined_execmem_t) "transition" to ...
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
7
i386 Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-14 10:58 EDT by Dag Bjerkeli
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-21 14:05:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Entries in /var/log/messages from reoot of 14th sep. (94.67 KB, text/plain)
2007-09-18 04:11 EDT, Dag Bjerkeli 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Dag Bjerkeli 2007-09-14 10:58:48 EDT 
Description of problem:
I'm getting a SElinux denial when rebooting system.

Version-Release number of selected component (if applicable):


How reproducible:
Looks like everytime I reboot the system

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
I have some NFS shares that I mount in /etc/fstab, its those that triggers
SElinux. At least thats what it lookslike for me.

Here is the output from setroubleshooter browser regarding the entry:

Source Context:  user_u:system_r:unconfined_execmem_t
Target Context:  user_u:system_r:unconfined_t
Target Objects:  /bin/umount [ process ]
Affected RPM Packages:  coreutils-6.9-3.fc7
[application]util-linux-2.13-0.54.fc7 [target]
Policy RPM:  selinux-policy-2.6.4-40.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall
Host Name:  dag.inputdata.no
Platform:  Linux dag.inputdata.no 2.6.22.5-76.fc7 #1 SMP Thu Aug 30 13:47:21 EDT
2007 i686 i686
Alert Count:  6
First Seen:  tir 14-08-2007 15:30:29 CEST
Last Seen:  fre 14-09-2007 16:42:22 CEST
Local ID:  d6a665be-1cfb-4d63-9efb-5adcd9a1eebb
Line Numbers:  
Raw Audit Messages :
avc: denied { transition } for comm="runcon" dev=dm-0 egid=0 euid=0
exe="/usr/bin/runcon" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="umount"
path="/bin/umount" pid=4039 scontext=user_u:system_r:unconfined_execmem_t:s0
sgid=0 subj=user_u:system_r:unconfined_execmem_t:s0 suid=0 tclass=process
tcontext=user_u:system_r:unconfined_t:s0 tty=pts0 uid=0
Comment 1 Daniel Walsh 2007-09-14 13:40:13 EDT 
What is executing runcon?  Nothing should be running this?
Comment 2 Dag Bjerkeli 2007-09-18 04:11:21 EDT 
Created attachment 198211 [details]
Entries in /var/log/messages from reoot of 14th sep.
Comment 3 Dag Bjerkeli 2007-09-18 04:13:42 EDT 
I'm getting these entries when I'm rebooting the system. I've attached some
output from /var/log/messages.
Comment 4 Daniel Walsh 2007-09-18 11:14:01 EDT 
grep runcon /etc/rc.d/init.d/*

Something is running runcon which should not.
Comment 5 Dag Bjerkeli 2007-09-20 02:16:05 EDT 
[root@dag ~]# grep runcon /etc/rc.d/init.d/*
/etc/rc.d/init.d/vmware:      runcon -t $context -- $command
Comment 6 Daniel Walsh 2007-09-21 14:05:38 EDT 
This is a bug in vmware.  It should not be executing runcon in a script.

Please report this to them, and add me to the list.  If you remove the runcon
and only run $command does it work?
Comment 7 Dag Bjerkeli 2007-09-24 03:14:02 EDT 
Thanks, I've modified the script as you suggested, and the warning were gone
from messages.  I could not find anything that indicated that I've run into a
different problem. So I'll file a bug at VMware.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.