Description of problem: Heads up! There is a problem with the active re-start, that is, the restart of autofs with active mounts. The details are a bit complicated and the best way to understand the problem is to look at bug #431716, in particular comment #5. Bug #287411 is also an example of the problem. The bottom line is that, to resolve the issue, ioctl commands need to be sent to autofs via a miscellaneous device node. So autofs will need appropriate access rights to use the device file (udev creates it as /dev/autofs at kernel module load time). The changes for the kernel module and the daemon are well along and I will collect specific avc messages as the final step in my testing and post them to this bug. The changes will, as the work progresses, need to find their way into F8 (and perhaps F7), RHEL-5 and RHEL-4. Ian
Created attachment 295375: Alerts from device file access
Created attachment 295376: Alerts from mount and umount
I'm also seeing these in F8. They appear to be new alerts.
selinux-policy-3.2.8-2.fc9.noarch has the definition for /dev/autofs. The second group of avcs for mount seems to be a leaked file descriptor. selinux-policy-3.0.8-88.fc8 has the same policy, so please make sure it works in rawhide.