Description of problem:
I'm getting an SELinux denial when rebooting the system.

Version-Release number of selected component (if applicable):

How reproducible:
Looks like every time I reboot the system

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
I have some NFS shares that I mount in /etc/fstab; it's those that trigger SELinux. At least that's what it looks like to me. Here is the output from setroubleshooter browser regarding the entry:

Source Context: user_u:system_r:unconfined_execmem_t
Target Context: user_u:system_r:unconfined_t
Target Objects: /bin/umount [ process ]
Affected RPM Packages: coreutils-6.9-3.fc7 [application], util-linux-2.13-0.54.fc7 [target]
Policy RPM: selinux-policy-2.6.4-40.fc7
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.catchall
Host Name: dag.inputdata.no
Platform: Linux dag.inputdata.no 2.6.22.5-76.fc7 #1 SMP Thu Aug 30 13:47:21 EDT 2007 i686 i686
Alert Count: 6
First Seen: tir 14-08-2007 15:30:29 CEST
Last Seen: fre 14-09-2007 16:42:22 CEST
Local ID: d6a665be-1cfb-4d63-9efb-5adcd9a1eebb
Line Numbers:

Raw Audit Messages :
avc: denied { transition } for comm="runcon" dev=dm-0 egid=0 euid=0 exe="/usr/bin/runcon" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="umount" path="/bin/umount" pid=4039 scontext=user_u:system_r:unconfined_execmem_t:s0 sgid=0 subj=user_u:system_r:unconfined_execmem_t:s0 suid=0 tclass=process tcontext=user_u:system_r:unconfined_t:s0 tty=pts0 uid=0
What is executing runcon? Nothing should be running this?
Created attachment 198211: Entries in /var/log/messages from reboot of 14th Sep.
I'm getting these entries when I'm rebooting the system. I've attached some output from /var/log/messages.
grep runcon /etc/rc.d/init.d/*

Something is running runcon which should not.
[root@dag ~]# grep runcon /etc/rc.d/init.d/*
/etc/rc.d/init.d/vmware: runcon -t $context -- $command
This is a bug in vmware. It should not be executing runcon in a script. Please report this to them, and add me to the list. If you remove the runcon and only run $command, does it work?
Thanks, I've modified the script as you suggested, and the warnings were gone from messages. I could not find anything that indicated that I've run into a different problem. So I'll file a bug at VMware.
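Added example, not part of the original thread or of any project's code: a Python parser for the raw audit message quoted in the report, which extracts the source and target types and flags a denied domain transition that was requested through runcon. The function names are hypothetical, and SAMPLE is the AVC line copied from the report.

```python
import re
import shlex

# Raw audit message as quoted in the report above (setroubleshoot format).
SAMPLE = ('avc: denied { transition } for comm="runcon" dev=dm-0 egid=0 euid=0 '
          'exe="/usr/bin/runcon" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 '
          'name="umount" path="/bin/umount" pid=4039 '
          'scontext=user_u:system_r:unconfined_execmem_t:s0 sgid=0 '
          'subj=user_u:system_r:unconfined_execmem_t:s0 suid=0 tclass=process '
          'tcontext=user_u:system_r:unconfined_t:s0 tty=pts0 uid=0')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')

def parse_avc(line):
    """Return a dict describing one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # shlex strips the quotes from values such as comm="runcon".
    tokens = shlex.split(m.group('fields'))
    fields = dict(tok.split('=', 1) for tok in tokens if '=' in tok)
    rec = {'perms': m.group('perms').split(), **fields}
    # A context is user:role:type[:level]; the type is the third component.
    for key in ('scontext', 'tcontext'):
        parts = fields.get(key, '').split(':')
        rec[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec

def explicit_transition(rec):
    """True when runcon asked for a domain transition and policy refused it."""
    return (rec is not None
            and rec.get('tclass') == 'process'
            and 'transition' in rec['perms']
            and rec.get('comm') == 'runcon')

def summarize(line):
    """One-line triage summary of a denial, or None for a non-AVC line."""
    rec = parse_avc(line)
    if rec is None:
        return None
    text = '{}: {} -> {} denied {} on {}'.format(
        rec.get('comm'), rec['scontext_type'], rec['tcontext_type'],
        ','.join(rec['perms']), rec.get('path', '?'))
    if explicit_transition(rec):
        text += ' (requested via runcon; check the calling script)'
    return text

if __name__ == '__main__':
    print(summarize(SAMPLE))
```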