Bug 433407 - Comming autofs update needs Selinux policy update
Summary: Comming autofs update needs Selinux policy update
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 497273
TreeView+ depends on / blocked
 
Reported: 2008-02-19 03:39 UTC by Ian Kent
Modified: 2009-04-23 06:02 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 497273 (view as bug list)
Environment:
Last Closed: 2008-02-20 13:56:01 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Alerts from device file access (10.44 KB, text/plain)
2008-02-20 03:25 UTC, Ian Kent
no flags Details
Alerts from mount and umount (4.27 KB, text/plain)
2008-02-20 03:26 UTC, Ian Kent
no flags Details

Description Ian Kent 2008-02-19 03:39:41 UTC
Description of problem:

Heads up!

There is a problem with the active re-start, that is the
restart of autofs with active mounts.

The details are a bit complicated and the best way to
understand the problem is to look at bug #431716, in
particular comment #5. Bug #287411 is alao an example
of the problem.

The bottom line is that, to resolve the issue, ioctl
commands need to be sent to autofs via a miscellaneous
device node. So autofs will need appropriate access rights
to use the device file (udev creates it as /dev/autofs at
kernel module load time).

The changes for the kernel module and the daemon are well
along and I will collect specific avc messages as the final
step in my testing and post them to this bug.

The changes will, as the work progresses, need to find their
way into F8 (and perhaps F7), RHEL-5 and RHEL-4.

Ian

Comment 1 Ian Kent 2008-02-20 03:25:04 UTC
Created attachment 295375 [details]
Alerts from device file access

Comment 2 Ian Kent 2008-02-20 03:26:22 UTC
Created attachment 295376 [details]
Alerts from mount and umount

I'm also seeing these in F8.
They appear to be new alerts.

Comment 3 Daniel Walsh 2008-02-20 13:56:01 UTC
selinux-policy-3.2.8-2.fc9.noarch has the definition for /dev/autofs

The second group of avcs for mount seem to be a leaked file descriptor.

selinux-policy-3.0.8-88.fc8 has the same policy so please make sure it works in
rawhide.




Note You need to log in before you can comment on or make changes to this bug.